11 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/sweatxi/BugHub/blob/main/Dreamer-CMS.pdf https://vuldb.com/?ctiid.248938 https://vuldb.com/?id.248938 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup Se descubrió que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a través del componente /admin/database/backup • https://github.com/849200701/cms/blob/main/CSRF%20exists%20in%20the%20backup%20and%20restore%20location.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. Se descubrió que Dreamer CMS v4.1.3 contiene una vulnerabilidad de Cross-Site Scripting (XSS) en el departamento de administración de artículos. • https://github.com/jiaofj/cms/blob/main/There%20is%20a%20storage%20based%20XSS%20in%20the%20article%20management%20department.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. Se descubrió que Dreamer CMS v4.1.3 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/archives/edit. • https://github.com/Tiamat-ron/cms/blob/main/There%20is%20a%20csrf%20in%20the%20article%20management%20modification%20section.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. Se descubrió que Dreamer CMS v4.1.3 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/archives/delete. • https://github.com/Tiamat-ron/cms/blob/main/The%20deletion%20function%20of%20the%20Article%20Management%20Office%20exists%20in%20CSRF.md • CWE-352: Cross-Site Request Forgery (CSRF) •