iteachyou
Products
1- 13 CVEs
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10320 | Low | 0.20 | 3.1 | 0.00 | Sep 12, 2025 | A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible. A high degree of… | ||
| CVE-2025-3977 | 0.00 | — | 0.00 | Apr 27, 2025 | A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads… | |||
| CVE-2025-1548 | 0.00 | — | 0.00 | Feb 21, 2025 | A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site scripting. The attack can be… | |||
| CVE-2025-1543 | 0.00 | — | 0.00 | Feb 21, 2025 | A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit… | |||
| CVE-2024-3311 | 0.00 | — | 0.00 | Apr 4, 2024 | A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched… | |||
| CVE-2024-3118 | 0.00 | — | 0.00 | Mar 31, 2024 | A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2023-46886 | 0.00 | — | 0.01 | Nov 29, 2023 | Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. | |||
| CVE-2023-4743 | 0.00 | — | 0.00 | Sep 3, 2023 | A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely.… | |||
| CVE-2023-2473 | 0.00 | — | 0.00 | May 2, 2023 | A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity.… | |||
| CVE-2023-29774 | 0.00 | — | 0.00 | Apr 18, 2023 | Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). | |||
| CVE-2023-1746 | 0.00 | — | 0.00 | Mar 30, 2023 | A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the… | |||
| CVE-2023-27084 | 0.00 | — | 0.00 | Mar 16, 2023 | Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. | |||
| CVE-2022-42245 | 0.00 | — | 0.00 | Nov 17, 2022 | Dreamer CMS 4.0.01 is vulnerable to SQL Injection. |
- risk 0.20cvss 3.1epss 0.00
A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible. A high degree of…
- CVE-2025-3977Apr 27, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads…
- CVE-2025-1548Feb 21, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site scripting. The attack can be…
- CVE-2025-1543Feb 21, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit…
- CVE-2024-3311Apr 4, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched…
- CVE-2024-3118Mar 31, 2024risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been…
- CVE-2023-46886Nov 29, 2023risk 0.00cvss —epss 0.01
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.
- CVE-2023-4743Sep 3, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely.…
- CVE-2023-2473May 2, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity.…
- CVE-2023-29774Apr 18, 2023risk 0.00cvss —epss 0.00
Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).
- CVE-2023-1746Mar 30, 2023risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the…
- CVE-2023-27084Mar 16, 2023risk 0.00cvss —epss 0.00
Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.
- CVE-2022-42245Nov 17, 2022risk 0.00cvss —epss 0.00
Dreamer CMS 4.0.01 is vulnerable to SQL Injection.