CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7091 – Dreamer CMS uploadFile unrestricted upload
https://notcve.org/view.php?id=CVE-2023-7091
A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/sweatxi/BugHub/blob/main/Dreamer-CMS.pdf https://vuldb.com/?ctiid.248938 https://vuldb.com/?id.248938 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50017
https://notcve.org/view.php?id=CVE-2023-50017
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup Se descubrió que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a través del componente /admin/database/backup • https://github.com/849200701/cms/blob/main/CSRF%20exists%20in%20the%20backup%20and%20restore%20location.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49484
https://notcve.org/view.php?id=CVE-2023-49484
Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. Se descubrió que Dreamer CMS v4.1.3 contiene una vulnerabilidad de Cross-Site Scripting (XSS) en el departamento de administración de artículos. • https://github.com/jiaofj/cms/blob/main/There%20is%20a%20storage%20based%20XSS%20in%20the%20article%20management%20department.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48913
https://notcve.org/view.php?id=CVE-2023-48913
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. Se descubrió que Dreamer CMS v4.1.3 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/archives/delete. • https://github.com/Tiamat-ron/cms/blob/main/The%20deletion%20function%20of%20the%20Article%20Management%20Office%20exists%20in%20CSRF.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48914
https://notcve.org/view.php?id=CVE-2023-48914
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. Se descubrió que Dreamer CMS v4.1.3 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/archives/add. • https://github.com/Tiamat-ron/cms/blob/main/There%20is%20a%20csrf%20in%20the%20newly%20added%20section%20of%20article%20management.md • CWE-352: Cross-Site Request Forgery (CSRF) •