20 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 4

A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched remotely. • https://github.com/FaLLenSKiLL1/CVE-2024-33113 https://github.com/FaLLenSKiLL1/CVE-2024-33111 https://github.com/tekua/CVE-2024-33113 https://gitee.com/iteachyou/dreamer_cms/releases/tag/Latest_Stable_Release_4.1.3.1 https://gitee.com/y1336247431/poc-public/issues/I9BA5R https://vuldb.com/?ctiid.259369 https://vuldb.com/?id.259369 https://vuldb.com/?submit.303874 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sweatxi/BugHub/blob/main/dreamer_Excessive_authority.pdf https://vuldb.com/?ctiid.258779 https://vuldb.com/?id.258779 https://vuldb.com/?submit.303196 • CWE-275: Permission Issues •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sweatxi/BugHub/blob/main/dreamer_cms_admin_menu_toEdit_csrf.pdf https://vuldb.com/?ctiid.256314 https://vuldb.com/?id.256314 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. Dreamer_cms 4.1.3 es vulnerable a Cross Site Request Forgery (CSRF) a través de Agregar permisos a CSRF en Gestión de Permisos. • https://github.com/moonsabc123/dreamer_cms/blob/main/Add%20permissions%20to%20CSRF%20in%20Permission%20Management.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add Se descubrió que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a través del componente /admin/task/add • https://github.com/CP1379767017/cms/blob/main/CSRF%20exists%20at%20the%20location%20where%20task%20management%20adds%20tasks.md • CWE-352: Cross-Site Request Forgery (CSRF) •