Dreamercmsproject Dreamer Cms
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Dreamercmsproject Dreamer Cms.
By the Year
In 2026 there have been 0 vulnerabilities in Dreamercmsproject Dreamer Cms. Dreamer Cms did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 20 | 7.35 |
| 2022 | 2 | 9.80 |
It may take a day or so for new Dreamer Cms vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Dreamercmsproject Dreamer Cms Security Vulnerabilities
Dreamer CMS Pre-4.0.1 Directory Traversal via Template Management
CVE-2023-46886
9.1 - Critical
- November 29, 2023
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.
Directory traversal
Dreamer CMS v<4.0.1 Arbitrary File Download Vulnerability
CVE-2023-46887
7.5 - High
- November 29, 2023
In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.
Download of Code Without Integrity Check
Dreamer CMS 4.1.3 CSRF via Permission Management
CVE-2023-48017
8.8 - High
- November 18, 2023
Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.
Session Riding
CSRF in Dreamer CMS 4.1.3 via /admin/task/run
CVE-2023-48058
8.8 - High
- November 13, 2023
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run
Session Riding
Dreamer CMS v4.1.3 CSRF via /admin/task/add
CVE-2023-48060
8.8 - High
- November 13, 2023
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add
Session Riding
dreamer_cms 4.1.3: CSRF allows deletion via /admin/category/delete
CVE-2023-48063
4.3 - Medium
- November 13, 2023
An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete.
Session Riding
CSRF in Dreamer CMS 4.1.3 via /admin/variable/add
CVE-2023-45905
8.8 - High
- October 17, 2023
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.
Session Riding
CVE-23-45901 Dreamer CMS v4.1.3 CSRF /admin/category/add
CVE-2023-45901
8.8 - High
- October 17, 2023
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add.
Session Riding
Dreamer CMS v4.1.3 CSRF via /admin/attachment/delete
CVE-2023-45902
8.8 - High
- October 17, 2023
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.
Session Riding
Dreamer CMS 4.1.3 CSRF in /admin/label/delete
CVE-2023-45903
8.8 - High
- October 17, 2023
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.
Session Riding
Dreamer CMS v4.1.3 CSRF via /variable/update
CVE-2023-45904
8.8 - High
- October 17, 2023
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.
Session Riding
CSRF in Dreamer CMS v4.1.3 via /admin/user/add
CVE-2023-45906
8.8 - High
- October 17, 2023
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.
Session Riding
Dreamer CMS v4.1.3 CSRF via /admin/variable/delete
CVE-2023-45907
8.8 - High
- October 17, 2023
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.
Session Riding
Dreamer CMS 4.1.3 Stored XSS in /admin/u/toIndex
CVE-2023-43857
5.4 - Medium
- September 27, 2023
Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.
XSS
Dreamer CMS v4.1.3 Arbitrary File Read via /admin/TemplateController
CVE-2023-43856
7.5 - High
- September 27, 2023
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
Files or Directories Accessible to External Parties
Dreamer CMS <=4.1.3 Remote File Access via /upload/ueditorConfig
CVE-2023-4743
4.8 - Medium
- September 03, 2023
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238632. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Files or Directories Accessible to External Parties
Dreamer CMS <4.1.3: Remote DoS via Password Hash Calc
CVE-2023-2473
4.3 - Medium
- May 02, 2023
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860.
Inefficient Algorithmic Complexity
Dreamer CMS 3.5.0 XSS via File Upload Handler
CVE-2023-1746
5.4 - Medium
- March 30, 2023
A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability.
XSS
Permissions flaw in isoftforce Dreamer CMS 4.0.1 AttachmentController
CVE-2023-27084
5.3 - Medium
- March 16, 2023
Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.
Incorrect Permission Assignment for Critical Resource
XSS in isoftforce Dreamer CMS 4.0.1 (fixed 4.1.3)
CVE-2023-0513
5.4 - Medium
- January 26, 2023
A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability.
XSS
SQLi Vulnerability in Dreamer CMS 4.0.01
CVE-2022-42245
9.8 - Critical
- November 17, 2022
Dreamer CMS 4.0.01 is vulnerable to SQL Injection.
SQL Injection
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0
CVE-2021-43084
9.8 - Critical
- March 24, 2022
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Dreamercmsproject Dreamer Cms or by Dreamercmsproject? Click the Watch button to subscribe.
