VYPR

Dreamer CMS

by Dreamer CMS

CVEs (21)

  • CVE-2023-42279 | Cri | Sep 21, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form.

  • CVE-2023-46886 | Cri | Nov 29, 2023
    risk 0.59 | cvss 9.1 | epss 0.01

    Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.

  • CVE-2023-50017 | Hig | Dec 14, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup.

  • CVE-2023-48914 | Hig | Nov 30, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.

  • CVE-2023-48913 | Hig | Nov 30, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.

  • CVE-2023-48912 | Hig | Nov 30, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.

  • CVE-2023-48021 | Hig | Nov 14, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update.

  • CVE-2023-48020 | Hig | Nov 14, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.

  • CVE-2023-48060 | Hig | Nov 13, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add.

  • CVE-2023-48058 | Hig | Nov 13, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run.

  • CVE-2023-45907 | Hig | Oct 17, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.

  • CVE-2023-45904 | Hig | Oct 17, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.

  • CVE-2023-45903 | Hig | Oct 17, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.

  • CVE-2023-45902 | Hig | Oct 17, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.

  • CVE-2023-46887 | Hig | Nov 29, 2023
    risk 0.49 | cvss 7.5 | epss 0.00

    In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.

  • CVE-2023-43856 | Hig | Sep 27, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.

  • CVE-2023-7091 | Med | Dec 24, 2023
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has…

  • CVE-2023-49484 | Med | Dec 8, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department.

  • CVE-2023-43857 | Med | Sep 27, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.

  • CVE-2023-48063 | Med | Nov 13, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete.

Page 1 of 2