Dreamer_cms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Dreamer_cms
(Dreamer_cms_project)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	22

Date	Id	Summary	Products	Score	Patch	Annotated
2023-10-17	CVE-2023-45904	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.	Dreamer_cms	8.8
2023-10-17	CVE-2023-45905	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.	Dreamer_cms	8.8
2023-10-17	CVE-2023-45906	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.	Dreamer_cms	8.8
2023-10-17	CVE-2023-45907	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.	Dreamer_cms	8.8
2023-11-13	CVE-2023-48058	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run	Dreamer_cms	8.8
2023-11-13	CVE-2023-48060	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add	Dreamer_cms	8.8
2023-11-13	CVE-2023-48063	An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete.	Dreamer_cms	4.3
2023-11-18	CVE-2023-48017	Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.	Dreamer_cms	8.8
2023-11-29	CVE-2023-46886	Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.	Dreamer_cms	9.1
2023-11-29	CVE-2023-46887	In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.	Dreamer_cms	7.5