Page 5 of 25 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. Se descubrió que Dreamer CMS v4.1.3 contenía una vulnerabilidad de lectura de archivos arbitraria a través del componente /admin/TemplateController.java. • http://cms.iteachyou.cc http://dreamer.com https://github.com/yux1azhengye https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. Vulnerabilidad de directory traversal en itechyou dreamer CMS v.4.1.3 permite a un atacante remoto ejecutar código arbitrario a través de themePath en la función uploaded template. • https://aecous.github.io/2023/09/17/Text/?password=Aecous https://gist.github.com/Aecous/7c6524859d624c00f4a975ecd5a743a7 https://gitee.com/iteachyou/dreamer_cms/issues/I821AI • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form. Dreamer CMS 4.1.3 es vulnerable a la inyección SQL. • https://github.com/zaizainani/-Vulnerability-recurrence-sorting/blob/main/sqlattack-en.pdf https://www.redpacketsecurity.com/dreamer-cms-sql-injection-cve-2023-42279 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. • https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability https://vuldb.com/?ctiid.238632 https://vuldb.com/?id.238632 • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. • https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7 https://vuldb.com/?ctiid.227860 https://vuldb.com/?id.227860 • CWE-407: Inefficient Algorithmic Complexity •