Vulnerabilities > Iteachyou
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-17 | CVE-2023-45902 | Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. | 8.8 |
| 2023-10-17 | CVE-2023-45903 | Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete. | 8.8 |
| 2023-10-17 | CVE-2023-45904 | Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. | 8.8 |
| 2023-10-17 | CVE-2023-45905 | Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. | 8.8 |
| 2023-10-17 | CVE-2023-45906 | Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add. | 8.8 |
| 2023-10-17 | CVE-2023-45907 | Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. | 8.8 |
| 2023-09-27 | CVE-2023-43856 | Files or Directories Accessible to External Parties vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. | 7.5 |
| 2023-09-27 | CVE-2023-43857 | Cross-site Scripting vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. | 5.4 |
| 2023-09-25 | CVE-2023-43382 | Path Traversal vulnerability in Iteachyou Dreamer CMS 4.1.3 Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. | 8.8 |
| 2023-09-21 | CVE-2023-42279 | SQL Injection vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form. | 9.8 |