Iteachyou Dreamer_cms
39 CVEs affecting Iteachyou Dreamer_cms. Latest disclosed: 2025-04-27. Critical: 3, High: 19.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-42279 | Critical | 9.8 | 2023-09-21 | Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form. |
CVE-2021-43084 | Critical | 9.8 | 2022-03-24 | An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. |
CVE-2023-46886 | Critical | 9.1 | 2023-11-29 | Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allow… |
CVE-2023-50017 | High | 8.8 | 2023-12-14 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup |
CVE-2023-48914 | High | 8.8 | 2023-11-30 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. |
CVE-2023-48913 | High | 8.8 | 2023-11-30 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. |
CVE-2023-48912 | High | 8.8 | 2023-11-30 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. |
CVE-2023-48017 | High | 8.8 | 2023-11-18 | Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. |
CVE-2023-48021 | High | 8.8 | 2023-11-14 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. |
CVE-2023-48020 | High | 8.8 | 2023-11-14 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. |
CVE-2023-48060 | High | 8.8 | 2023-11-13 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add |
CVE-2023-48058 | High | 8.8 | 2023-11-13 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run |
CVE-2023-45907 | High | 8.8 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. |
CVE-2023-45906 | High | 8.8 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add. |
CVE-2023-45905 | High | 8.8 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. |
CVE-2023-45904 | High | 8.8 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. |
CVE-2023-45903 | High | 8.8 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete. |
CVE-2023-45902 | High | 8.8 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. |
CVE-2023-45901 | High | 8.8 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add. |
CVE-2023-43382 | High | 8.8 | 2023-09-25 | Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template… |