NotCVE - vendor:"Dreamer Cms Project" product:"Dreamer Cms" version:" <= 4.1.3"

Page 2 of 33 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-48912

https://notcve.org/view.php?id=CVE-2023-48912

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. Se descubrió que Dreamer CMS v4.1.3 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/archives/edit. • https://github.com/Tiamat-ron/cms/blob/main/There%20is%20a%20csrf%20in%20the%20article%20management%20modification%20section.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-46886

https://notcve.org/view.php?id=CVE-2023-46886

Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. Dreamer CMS anterior a la versión 4.0.1 es vulnerable a Directory Traversal. La gestión de plantillas en segundo plano permite la modificación arbitraria del archivo de plantilla, lo que permite leer archivos confidenciales del sistema. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NOFN • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-46887

https://notcve.org/view.php?id=CVE-2023-46887

In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. En Dreamer CMS anterior a 4.0.1, la oficina de administración de archivos adjuntos backend tiene una vulnerabilidad de descarga arbitraria de archivos. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NDEZ • CWE-494: Download of Code Without Integrity Check •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-48017

https://notcve.org/view.php?id=CVE-2023-48017

Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. Dreamer_cms 4.1.3 es vulnerable a Cross Site Request Forgery (CSRF) a través de Agregar permisos a CSRF en Gestión de Permisos. • https://github.com/moonsabc123/dreamer_cms/blob/main/Add%20permissions%20to%20CSRF%20in%20Permission%20Management.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-48020

https://notcve.org/view.php?id=CVE-2023-48020

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. Se descubrió que Dreamer CMS v4.1.3 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a través de /admin/task/changeStatus. • https://github.com/moonsabc123/dreamer_cms/blob/main/Enable%20CSRF%20for%20Task%20Management%20Office.md • CWE-352: Cross-Site Request Forgery (CSRF) •

1 2 3 4 5