Vulnerabilities > Dreamer CMS Project

DATE CVE VULNERABILITY TITLE RISK
2023-11-29 CVE-2023-46886 Path Traversal vulnerability in Dreamer CMS Project Dreamer CMS
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal.
network
low complexity
dreamer-cms-project CWE-22
critical
 9.1
9.1
2023-11-29 CVE-2023-46887 Download of Code Without Integrity Check vulnerability in Dreamer CMS Project Dreamer CMS
In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.
network
low complexity
dreamer-cms-project CWE-494
7.5
7.5
2023-11-18 CVE-2023-48017 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.
network
low complexity
dreamer-cms-project CWE-352
8.8
8.8
2023-11-13 CVE-2023-48058 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run
network
low complexity
dreamer-cms-project CWE-352
8.8
8.8
2023-11-13 CVE-2023-48060 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add
network
low complexity
dreamer-cms-project CWE-352
8.8
8.8
2023-11-13 CVE-2023-48063 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
An issue was discovered in dreamer_cms 4.1.3.
network
low complexity
dreamer-cms-project CWE-352
4.3
4.3
2023-10-17 CVE-2023-45901 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add.
network
low complexity
dreamer-cms-project CWE-352
8.8
8.8
2023-10-17 CVE-2023-45902 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.
network
low complexity
dreamer-cms-project CWE-352
8.8
8.8
2023-10-17 CVE-2023-45903 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.
network
low complexity
dreamer-cms-project CWE-352
8.8
8.8
2023-10-17 CVE-2023-45904 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.
network
low complexity
dreamer-cms-project CWE-352
8.8
8.8