CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2023-43382
https://notcve.org/view.php?id=CVE-2023-43382
25 Sep 2023 — Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. Vulnerabilidad de directory traversal en itechyou dreamer CMS v.4.1.3 permite a un atacante remoto ejecutar código arbitrario a través de themePath en la función uploaded template. • https://aecous.github.io/2023/09/17/Text/?password=Aecous • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42279
https://notcve.org/view.php?id=CVE-2023-42279
21 Sep 2023 — Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form. Dreamer CMS 4.1.3 es vulnerable a la inyección SQL. • https://github.com/zaizainani/-Vulnerability-recurrence-sorting/blob/main/sqlattack-en.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29774
https://notcve.org/view.php?id=CVE-2023-29774
18 Apr 2023 — Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). • https://github.com/iteachyou-wjn/dreamer_cms/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •