Vulnerabilities > Dreamer CMS Project > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-29 CVE-2023-46887 Download of Code Without Integrity Check vulnerability in Dreamer CMS Project Dreamer CMS
In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.
network
low complexity
dreamer-cms-project CWE-494
7.5
2023-11-18 CVE-2023-48017 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.
network
low complexity
dreamer-cms-project CWE-352
8.8
2023-11-13 CVE-2023-48058 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run
network
low complexity
dreamer-cms-project CWE-352
8.8
2023-11-13 CVE-2023-48060 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add
network
low complexity
dreamer-cms-project CWE-352
8.8
2023-10-17 CVE-2023-45901 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add.
network
low complexity
dreamer-cms-project CWE-352
8.8
2023-10-17 CVE-2023-45902 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.
network
low complexity
dreamer-cms-project CWE-352
8.8
2023-10-17 CVE-2023-45903 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.
network
low complexity
dreamer-cms-project CWE-352
8.8
2023-10-17 CVE-2023-45904 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.
network
low complexity
dreamer-cms-project CWE-352
8.8
2023-10-17 CVE-2023-45905 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.
network
low complexity
dreamer-cms-project CWE-352
8.8
2023-10-17 CVE-2023-45906 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.
network
low complexity
dreamer-cms-project CWE-352
8.8