CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25811
https://notcve.org/view.php?id=CVE-2024-25811
29 Feb 2024 — An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. Un problema de control de acceso en Dreamer CMS v4.0.1 permite a los atacantes descargar archivos de respaldo y filtrar información confidencial. • https://github.com/Fei123-design/vuln/blob/master/Dreamer%20CMS%20Unauthorized%20access%20vulnerability.md • CWE-284: Improper Access Control •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46886
https://notcve.org/view.php?id=CVE-2023-46886
29 Nov 2023 — Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. Dreamer CMS anterior a la versión 4.0.1 es vulnerable a Directory Traversal. La gestión de plantillas en segundo plano permite la modificación arbitraria del archivo de plantilla, lo que permite leer archivos confidenciales del sistema. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NOFN • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46887
https://notcve.org/view.php?id=CVE-2023-46887
29 Nov 2023 — In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. En Dreamer CMS anterior a 4.0.1, la oficina de administración de archivos adjuntos backend tiene una vulnerabilidad de descarga arbitraria de archivos. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NDEZ • CWE-494: Download of Code Without Integrity Check •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48017
https://notcve.org/view.php?id=CVE-2023-48017
18 Nov 2023 — Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. Dreamer_cms 4.1.3 es vulnerable a Cross Site Request Forgery (CSRF) a través de Agregar permisos a CSRF en Gestión de Permisos. • https://github.com/moonsabc123/dreamer_cms/blob/main/Add%20permissions%20to%20CSRF%20in%20Permission%20Management.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48058
https://notcve.org/view.php?id=CVE-2023-48058
13 Nov 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run Se descubrió que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a través del componente /admin/task/run • https://github.com/CP1379767017/cms/blob/main/CSRF%20exists%20at%20the%20task%20management%20execution%20task%20location.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48060
https://notcve.org/view.php?id=CVE-2023-48060
13 Nov 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add Se descubrió que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a través del componente /admin/task/add • https://github.com/CP1379767017/cms/blob/main/CSRF%20exists%20at%20the%20location%20where%20task%20management%20adds%20tasks.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48063
https://notcve.org/view.php?id=CVE-2023-48063
13 Nov 2023 — An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. Se descubrió un problema en dreamer_cms 4.1.3. Existe una vulnerabilidad CSRF que puede eliminar un proyecto de tema a través de /admin/category/delete. • https://github.com/CP1379767017/cms/blob/dreamcms_vul/There%20is%20a%20CSRF%20vulnerability%20at%20th%20menu%20management%20location.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45901
https://notcve.org/view.php?id=CVE-2023-45901
17 Oct 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add. Se descubrió que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a través del componente /admin\/category\/add. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20in%20the%20newly%20added%20column%20of%20column%20management.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45902
https://notcve.org/view.php?id=CVE-2023-45902
17 Oct 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. Se descubrió que Dreamer CMS v4.1.3 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/attachment/delete. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20in%20the%20attachment%20management%20deletion%20function.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45903
https://notcve.org/view.php?id=CVE-2023-45903
17 Oct 2023 — Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete. Se descubrió que Dreamer CMS v4.1.3 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/label/delete. • https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20vulnerability%20in%20the%20label%20management%20deletion%20function.md • CWE-352: Cross-Site Request Forgery (CSRF) •