Dreamer_cms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Dreamer_cms
(Dreamer_cms_project)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	22

Date	Id	Summary	Products	Score	Patch	Annotated
2023-10-17	CVE-2023-45903	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.	Dreamer_cms	8.8
2023-10-17	CVE-2023-45904	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.	Dreamer_cms	8.8
2023-10-17	CVE-2023-45905	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.	Dreamer_cms	8.8
2023-10-17	CVE-2023-45906	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.	Dreamer_cms	8.8
2023-10-17	CVE-2023-45907	Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.	Dreamer_cms	8.8
2023-09-27	CVE-2023-43857	Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.	Dreamer_cms	5.4
2023-09-27	CVE-2023-43856	Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.	Dreamer_cms	7.5
2022-11-17	CVE-2022-42245	Dreamer CMS 4.0.01 is vulnerable to SQL Injection.	Dreamer_cms	9.8
2023-03-16	CVE-2023-27084	Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.	Dreamer_cms	5.3
2022-03-24	CVE-2021-43084	An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.	Dreamer_cms	9.8