CVE-2023-48914
https://notcve.org/view.php?id=CVE-2023-48914
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.
• https://github.com/Tiamat-ron/cms/blob/main/There%20is%20a%20csrf%20in%20the%20newly%20added%20section%20of%20article%20management.md
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-48020
https://notcve.org/view.php?id=CVE-2023-48020
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.
• https://github.com/moonsabc123/dreamer_cms/blob/main/Enable%20CSRF%20for%20Task%20Management%20Office.md
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-48021
https://notcve.org/view.php?id=CVE-2023-48021
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update.
• https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20CSRF%20in%20the%20task%20management%20editing%20task%20area.md
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-43382
https://notcve.org/view.php?id=CVE-2023-43382
Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.
• https://aecous.github.io/2023/09/17/Text/?password=Aecous
• https://gist.github.com/Aecous/7c6524859d624c00f4a975ecd5a743a7
• https://gitee.com/iteachyou/dreamer_cms/issues/I821AI
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-42279
https://notcve.org/view.php?id=CVE-2023-42279
Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form.
• https://github.com/zaizainani/-Vulnerability-recurrence-sorting/blob/main/sqlattack-en.pdf
• https://www.redpacketsecurity.com/dreamer-cms-sql-injection-cve-2023-42279
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')