Vulnerability Details CVE-2023-43382
Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.3%
CVSS Severity
CVSS v3 Score 8.8
References
- https://aecous.github.io/2023/09/17/Text/?password=Aecous
- https://gist.github.com/Aecous/7c6524859d624c00f4a975ecd5a743a7
- https://gitee.com/iteachyou/dreamer_cms/issues/I821AI
- https://aecous.github.io/2023/09/17/Text/?password=Aecous
- https://gist.github.com/Aecous/7c6524859d624c00f4a975ecd5a743a7
- https://gitee.com/iteachyou/dreamer_cms/issues/I821AI
Products affected by CVE-2023-43382
-
cpe:2.3:a:iteachyou:dreamer_cms:4.1.3