CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0425 – ForU CMS password recovery
https://notcve.org/view.php?id=CVE-2024-0425
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. • https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md https://vuldb.com/?ctiid.250444 https://vuldb.com/?id.250444 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46886
https://notcve.org/view.php?id=CVE-2023-46886
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. Dreamer CMS anterior a la versión 4.0.1 es vulnerable a Directory Traversal. La gestión de plantillas en segundo plano permite la modificación arbitraria del archivo de plantilla, lo que permite leer archivos confidenciales del sistema. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NOFN • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46887
https://notcve.org/view.php?id=CVE-2023-46887
In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. En Dreamer CMS anterior a 4.0.1, la oficina de administración de archivos adjuntos backend tiene una vulnerabilidad de descarga arbitraria de archivos. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NDEZ • CWE-494: Download of Code Without Integrity Check •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48017
https://notcve.org/view.php?id=CVE-2023-48017
Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. Dreamer_cms 4.1.3 es vulnerable a Cross Site Request Forgery (CSRF) a través de Agregar permisos a CSRF en Gestión de Permisos. • https://github.com/moonsabc123/dreamer_cms/blob/main/Add%20permissions%20to%20CSRF%20in%20Permission%20Management.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48063
https://notcve.org/view.php?id=CVE-2023-48063
An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. Se descubrió un problema en dreamer_cms 4.1.3. Existe una vulnerabilidad CSRF que puede eliminar un proyecto de tema a través de /admin/category/delete. • https://github.com/CP1379767017/cms/blob/dreamcms_vul/There%20is%20a%20CSRF%20vulnerability%20at%20th%20menu%20management%20location.md • CWE-352: Cross-Site Request Forgery (CSRF) •