Vulnerabilities > Dreamer CMS Project > Dreamer CMS > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-17 | CVE-2023-45907 | Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. | 8.8 |
2023-09-27 | CVE-2023-43856 | Files or Directories Accessible to External Parties vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. | 7.5 |
2023-05-02 | CVE-2023-2473 | Algorithmic Complexity vulnerability in Dreamer CMS Project Dreamer CMS A vulnerability was found in Dreamer CMS up to 4.1.3. | 7.5 |
2022-03-24 | CVE-2021-43084 | SQL Injection vulnerability in Dreamer CMS Project Dreamer CMS 4.0.0 An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. | 7.5 |