Vulnerabilities > Dreamer CMS Project > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-17 CVE-2023-45907 Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.
network
low complexity
dreamer-cms-project CWE-352
8.8
8.8
2023-09-27 CVE-2023-43856 Files or Directories Accessible to External Parties vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
network
low complexity
dreamer-cms-project CWE-552
7.5
7.5
2023-05-02 CVE-2023-2473 Algorithmic Complexity vulnerability in Dreamer CMS Project Dreamer CMS
A vulnerability was found in Dreamer CMS up to 4.1.3.
network
low complexity
dreamer-cms-project CWE-407
7.5
7.5
2022-03-24 CVE-2021-43084 SQL Injection vulnerability in Dreamer CMS Project Dreamer CMS 4.0.0
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.
network
low complexity
dreamer-cms-project CWE-89
7.5
7.5