CVE-2023-43382

8.8 HIGH

📋 TL;DR

This CVE describes a directory traversal vulnerability in itechyou dreamer CMS v4.1.3 that allows remote attackers to execute arbitrary code by manipulating the themePath parameter of the template upload function. An attacker can use it to write uploaded files outside the intended directories, leading to remote code execution. All systems running the vulnerable version of dreamer CMS are affected.

💻 Affected Systems

Products:
  • itechyou dreamer CMS
Versions: v4.1.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the template upload functionality specifically; any installation with this feature enabled is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the web server, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Web server compromise leading to website defacement, data theft, or deployment of malware/backdoors.

🟢 If Mitigated

The attack is blocked at the web application firewall, with no file uploads reaching the vulnerable function.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authentication to access template upload functionality but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.1.4 or later

Vendor Advisory: https://gitee.com/iteachyou/dreamer_cms/issues/I821AI

Restart Required: No

Instructions:

1. Back up the current installation and database.
2. Download the latest version from the official source.
3. Replace all files except the configuration and upload directories.
4. Verify functionality.

🔧 Temporary Workarounds

Disable template upload functionality

all

Remove or restrict access to template upload features in the CMS admin interface.

Implement file upload validation

all

Add server-side validation to restrict file uploads to safe directories and validate themePath parameter.

🧯 If You Can't Patch

  • Implement strict WAF rules to block directory traversal patterns in file upload requests
  • Restrict network access to the CMS admin interface using IP whitelisting

🔍 How to Verify

Check if Vulnerable:

Check CMS version in admin panel or by examining version files; if version is exactly 4.1.3, system is vulnerable.

Check Version:

Check admin panel or look for version.txt file in CMS root directory

Verify Fix Applied:

After patching, attempt to upload a template with a directory traversal sequence in the themePath parameter; the request should be rejected.

📡 Detection & Monitoring

Log Indicators:

  • File upload attempts with ../ patterns in themePath parameter
  • Unusual file creation in system directories

Network Indicators:

  • HTTP POST requests to template upload endpoints containing directory traversal sequences

SIEM Query:

source="web_logs" AND (uri_path="*upload*" OR uri_path="*template*") AND (http_method="POST") AND (request_body="*../*" OR request_body="*themePath*")
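
The log indicator above can also be checked in code. The following is an added example, not part of the original advisory or the dreamer CMS code base. It flags percent-encoded, double-encoded and backslash variants that a literal `*../*` match would miss. The request records, endpoint path and log layout are constructed assumptions; only the `themePath` parameter name comes from the advisory.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample records (method, URI, form body). The endpoint path is a
# placeholder, not the real dreamer CMS route; only "themePath" is from the advisory.
SAMPLE_REQUESTS = [
    ("POST", "/example/theme/upload", "themeName=blue&themePath=default_v2"),
    ("POST", "/example/theme/upload", "themeName=x&themePath=../../outside"),
    ("POST", "/example/theme/upload", "themeName=x&themePath=%2e%2e%2foutside"),
    ("POST", "/example/theme/upload", "themeName=x&themePath=%252e%252e%252foutside"),
    ("POST", "/example/theme/upload", "themeName=x&themePath=..%5Coutside"),
    ("GET", "/example/theme/list", ""),
]


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(theme_path):
    """True if the decoded path is absolute or contains a '..' segment."""
    path = fully_decode(theme_path).replace("\\", "/")
    if path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return True
    return ".." in path.split("/")


def suspicious_requests(requests):
    """Return (uri, themePath) for POSTs whose themePath leaves its directory."""
    hits = []
    for method, uri, body in requests:
        if method != "POST":
            continue
        for key, value in parse_qsl(body, keep_blank_values=True):
            if key == "themePath" and has_traversal(value):
                hits.append((uri, value))
    return hits


if __name__ == "__main__":
    for uri, value in suspicious_requests(SAMPLE_REQUESTS):
        print(f"ALERT {uri} themePath={value!r}")
```

Matching on whole `..` path segments rather than the substring keeps names such as `a..b` from raising false alerts.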
