Iteachyou: >> Dreamer Cms >> 4.1.3 Security Vulnerabilities
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-09-27
Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-09-27
Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.
CVSS Score
8.8
EPSS Score
0.027
Published
2023-09-25
Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-21