Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46887 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-12-05 | N/A | 7.5 HIGH |
| In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. | |||||
| CVE-2023-46886 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-12-05 | N/A | 9.1 CRITICAL |
| Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. | |||||
| CVE-2023-48017 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-11-25 | N/A | 8.8 HIGH |
| Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. | |||||
| CVE-2023-48063 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-11-16 | N/A | 4.3 MEDIUM |
| An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. | |||||
| CVE-2023-48060 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-11-16 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add | |||||
| CVE-2023-48058 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-11-16 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run | |||||