CVE-2023-46886
https://notcve.org/view.php?id=CVE-2023-46886
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. Dreamer CMS anterior a la versión 4.0.1 es vulnerable a Directory Traversal. La gestión de plantillas en segundo plano permite la modificación arbitraria del archivo de plantilla, lo que permite leer archivos confidenciales del sistema. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NOFN • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-46887
https://notcve.org/view.php?id=CVE-2023-46887
In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. En Dreamer CMS anterior a 4.0.1, la oficina de administración de archivos adjuntos backend tiene una vulnerabilidad de descarga arbitraria de archivos. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NDEZ • CWE-494: Download of Code Without Integrity Check •
CVE-2023-4743 – Dreamer CMS file access
https://notcve.org/view.php?id=CVE-2023-4743
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. • https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability https://vuldb.com/?ctiid.238632 https://vuldb.com/?id.238632 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2023-2473 – Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity
https://notcve.org/view.php?id=CVE-2023-2473
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. • https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7 https://vuldb.com/?ctiid.227860 https://vuldb.com/?id.227860 • CWE-407: Inefficient Algorithmic Complexity •
CVE-2023-0513 – isoftforce Dreamer CMS cross site scripting
https://notcve.org/view.php?id=CVE-2023-0513
A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/isoftforce/dreamer_cms/issues/I68UYM https://gitee.com/isoftforce/dreamer_cms/tree/Latest_Stable_Release_4.1.3 https://vuldb.com/?ctiid.219334 https://vuldb.com/?id.219334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •