Product:

Dreamer_cms

(Dreamer_cms_project)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 22
Date Id Summary Products Score Patch Annotated
2023-10-17 CVE-2023-45902 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. Dreamer_cms 8.8
2023-10-17 CVE-2023-45903 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete. Dreamer_cms 8.8
2023-10-17 CVE-2023-45904 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. Dreamer_cms 8.8
2023-10-17 CVE-2023-45905 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. Dreamer_cms 8.8
2023-10-17 CVE-2023-45906 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add. Dreamer_cms 8.8
2023-10-17 CVE-2023-45907 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. Dreamer_cms 8.8
2023-09-27 CVE-2023-43857 Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. Dreamer_cms 5.4
2023-09-27 CVE-2023-43856 Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. Dreamer_cms 7.5
2022-11-17 CVE-2022-42245 Dreamer CMS 4.0.01 is vulnerable to SQL Injection. Dreamer_cms 9.8
2023-03-16 CVE-2023-27084 Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. Dreamer_cms 5.3