CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45905
https://notcve.org/view.php?id=CVE-2023-45905
17 Oct 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. Se descubrió que Dreamer CMS v4.1.3 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/variable/add. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20vulnerability%20in%20variable%20management%20with%20added%20functionality.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45906
https://notcve.org/view.php?id=CVE-2023-45906
17 Oct 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add. Se descubrió que Dreamer CMS v4.1.3 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/user/add. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20in%20the%20user%20added%20function.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45907
https://notcve.org/view.php?id=CVE-2023-45907
17 Oct 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. Se descubrió que Dreamer CMS v4.1.3 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/variable/delete. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20vulnerability%20in%20the%20variable%20management%20deletion%20function.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5259 – ForU CMS cms_admin.php denial of service
https://notcve.org/view.php?id=CVE-2023-5259
29 Sep 2023 — A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/RCEraser/cve/blob/main/ForU-CMS.md • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5221 – ForU CMS index.php code injection
https://notcve.org/view.php?id=CVE-2023-5221
27 Sep 2023 — A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Fovker8/cve/blob/main/rce.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43856
https://notcve.org/view.php?id=CVE-2023-43856
26 Sep 2023 — Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. Se descubrió que Dreamer CMS v4.1.3 contenía una vulnerabilidad de lectura de archivos arbitraria a través del componente /admin/TemplateController.java. • http://cms.iteachyou.cc • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43857
https://notcve.org/view.php?id=CVE-2023-43857
26 Sep 2023 — Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. Se descubrió que Dreamer CMS v4.1.3 contiene una vulnerabilidad de Cross-Site Scripting (XSS) almacenadas a través del componente /admin/u/toIndex. • https://gitee.com/iteachyou/dreamer_cms/issues/I834WV • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43154
https://notcve.org/view.php?id=CVE-2023-43154
26 Sep 2023 — In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account. En Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, la comparación vaga en la función "isValidLogin()" durante el intento de inicio de sesión da como resultado una vulnerabilidad de confusión de tipo PHP que conduce a la omisión de autenticac... • https://github.com/ally-petitt/CVE-2023-43154-PoC • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4743 – Dreamer CMS file access
https://notcve.org/view.php?id=CVE-2023-4743
03 Sep 2023 — A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. • https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25856
https://notcve.org/view.php?id=CVE-2021-25856
11 Aug 2023 — An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php. • https://github.com/pcmt/superMicro-CMS/issues/1 •