CVE-2023-48914
https://notcve.org/view.php?id=CVE-2023-48914
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. • https://github.com/Tiamat-ron/cms/blob/main/There%20is%20a%20csrf%20in%20the%20newly%20added%20section%20of%20article%20management.md • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-46886
https://notcve.org/view.php?id=CVE-2023-46886
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NOFN • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-46887
https://notcve.org/view.php?id=CVE-2023-46887
In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NDEZ • CWE-494: Download of Code Without Integrity Check
CVE-2023-48017
https://notcve.org/view.php?id=CVE-2023-48017
Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. • https://github.com/moonsabc123/dreamer_cms/blob/main/Add%20permissions%20to%20CSRF%20in%20Permission%20Management.md • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-48020
https://notcve.org/view.php?id=CVE-2023-48020
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. • https://github.com/moonsabc123/dreamer_cms/blob/main/Enable%20CSRF%20for%20Task%20Management%20Office.md • CWE-352: Cross-Site Request Forgery (CSRF)