Iteachyou Dreamer_cms

39 CVEs affecting Iteachyou Dreamer_cms. Latest disclosed: 2025-04-27. Critical: 3, High: 19.

Top CVEs affecting Iteachyou Dreamer_cms
CVESeverityScorePublishedSummary
CVE-2023-42279Critical9.82023-09-21Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form.
CVE-2021-43084Critical9.82022-03-24An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.
CVE-2023-46886Critical9.12023-11-29Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allow…
CVE-2023-50017High8.82023-12-14Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup
CVE-2023-48914High8.82023-11-30Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.
CVE-2023-48913High8.82023-11-30Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.
CVE-2023-48912High8.82023-11-30Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.
CVE-2023-48017High8.82023-11-18Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.
CVE-2023-48021High8.82023-11-14Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update.
CVE-2023-48020High8.82023-11-14Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.
CVE-2023-48060High8.82023-11-13Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add
CVE-2023-48058High8.82023-11-13Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run
CVE-2023-45907High8.82023-10-17Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.
CVE-2023-45906High8.82023-10-17Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.
CVE-2023-45905High8.82023-10-17Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.
CVE-2023-45904High8.82023-10-17Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.
CVE-2023-45903High8.82023-10-17Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.
CVE-2023-45902High8.82023-10-17Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.
CVE-2023-45901High8.82023-10-17Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add.
CVE-2023-43382High8.82023-09-25Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template…