Every CVE whose affected-product data names Iteachyou Dreamer Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (39)
CVE-2023-42279 — CVSS 9.8 (critical): Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form.
CVE-2023-46886 — CVSS 9.1 (critical): Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the…
CVE-2023-50017 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup
CVE-2023-45906 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.
CVE-2023-45907 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.
CVE-2023-48017 — CVSS 8.8 (high): Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.
CVE-2023-48020 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.
CVE-2023-48021 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update.
CVE-2023-48058 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run
CVE-2023-48060 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add
CVE-2023-48912 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.
CVE-2023-48913 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.
CVE-2023-48914 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.
CVE-2023-43382 — CVSS 8.8 (high): Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in…
CVE-2023-45901 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add.
CVE-2023-45902 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.
CVE-2023-45903 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.
CVE-2023-45904 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.
CVE-2023-45905 — CVSS 8.8 (high): Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.
CVE-2023-43856 — CVSS 7.5 (high): Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
CVE-2023-46887 — CVSS 7.5 (high): In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.
CVE-2024-25811 — CVSS 6.5 (medium): An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information.
CVE-2024-3311 — CVSS 6.3 (medium): A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function…
CVE-2023-7091 — CVSS 6.3 (medium): A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file…
CVE-2024-3118 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of…
CVE-2023-43857 — CVSS 5.4 (medium): Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.
CVE-2023-49484 — CVSS 5.4 (medium): Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department.
CVE-2023-27084 — CVSS 5.3 (medium): Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the…
CVE-2025-3977 — CVSS 4.3 (medium): A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an…
CVE-2023-2473 — CVSS 4.3 (medium): A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function…
CVE-2023-48063 — CVSS 4.3 (medium): An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete.
CVE-2024-2354 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file…
CVE-2025-1543 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown…
CVE-2023-1746 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the…
CVE-2023-0513 — CVSS 3.5 (low): A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown…
CVE-2025-1548 — CVSS 3.5 (low): A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of…
CVE-2023-4743 — CVSS 3.1 (low): A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file…