CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-3118 – Dreamer CMS Attachment permission
https://notcve.org/view.php?id=CVE-2024-3118
A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sweatxi/BugHub/blob/main/dreamer_Excessive_authority.pdf https://vuldb.com/?ctiid.258779 https://vuldb.com/?id.258779 https://vuldb.com/?submit.303196 • CWE-275: Permission Issues •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2354 – Dreamer CMS toEdit cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-2354
A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sweatxi/BugHub/blob/main/dreamer_cms_admin_menu_toEdit_csrf.pdf https://vuldb.com/?ctiid.256314 https://vuldb.com/?id.256314 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48017
https://notcve.org/view.php?id=CVE-2023-48017
Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. Dreamer_cms 4.1.3 es vulnerable a Cross Site Request Forgery (CSRF) a través de Agregar permisos a CSRF en Gestión de Permisos. • https://github.com/moonsabc123/dreamer_cms/blob/main/Add%20permissions%20to%20CSRF%20in%20Permission%20Management.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48063
https://notcve.org/view.php?id=CVE-2023-48063
An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. Se descubrió un problema en dreamer_cms 4.1.3. Existe una vulnerabilidad CSRF que puede eliminar un proyecto de tema a través de /admin/category/delete. • https://github.com/CP1379767017/cms/blob/dreamcms_vul/There%20is%20a%20CSRF%20vulnerability%20at%20th%20menu%20management%20location.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48058
https://notcve.org/view.php?id=CVE-2023-48058
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run Se descubrió que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a través del componente /admin/task/run • https://github.com/CP1379767017/cms/blob/main/CSRF%20exists%20at%20the%20task%20management%20execution%20task%20location.md • CWE-352: Cross-Site Request Forgery (CSRF) •