Login Sign Up

CVE-2023-43856

7.5 HIGH

📋 TL;DR

Dreamer CMS v4.1.3 contains an arbitrary file read vulnerability in the TemplateController component that allows attackers to read sensitive files from the server. This affects all systems running the vulnerable version of Dreamer CMS. Attackers can potentially access configuration files, credentials, and other sensitive data.

💻 Affected Systems

Products:
  • Dreamer CMS
Versions: v4.1.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Dreamer CMS v4.1.3 with the vulnerable TemplateController component accessible.

📦 What is this software?

Dreamer Cms by Iteachyou

View all CVEs affecting Dreamer Cms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through reading sensitive configuration files containing database credentials, SSH keys, or other authentication secrets leading to lateral movement or data exfiltration.

🟠

Likely Case

Exposure of sensitive configuration files, source code, or user data that could enable further attacks or information disclosure.

🟢

If Mitigated

Limited impact if proper network segmentation, file permissions, and access controls prevent reading of critical system files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin access to the TemplateController endpoint. Public proof-of-concept available in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict Admin Access

all

Limit access to the /admin/TemplateController endpoint to trusted IP addresses only

# Configure web server (Apache/Nginx) to restrict /admin/* paths
# Example Nginx: location /admin/ { deny all; }

File Permission Hardening

linux

Set strict file permissions on sensitive directories and configuration files

chmod 600 sensitive-config-files
chmod 700 sensitive-directories

🧯 If You Can't Patch

  • Implement network segmentation to isolate Dreamer CMS from sensitive systems
  • Deploy web application firewall (WAF) with rules to block arbitrary file read patterns

🔍 How to Verify

Check if Vulnerable:

Check if Dreamer CMS version is 4.1.3 and if /admin/TemplateController endpoint is accessible

Check Version:

Check CMS version in admin panel or configuration files

Verify Fix Applied:

Test if file read attempts through TemplateController are blocked or return appropriate errors

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path patterns in admin access logs
  • Multiple failed file read attempts from TemplateController

Network Indicators:

  • HTTP requests to /admin/TemplateController with file path parameters

SIEM Query:

source="web_logs" AND uri="/admin/TemplateController" AND (param="file" OR param="path")

📊 Metadata

CVE ID: CVE-2023-43856
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-552
Published: September 27, 2023
Last Updated: April 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-43856, you might also want to check these:

CVE-2025-41240 10.0

This critical vulnerability allows unauthenticated remote attackers to access Kubernetes secrets via...

Same vulnerability type (CWE-552)
CVE-2024-56731 10.0

This vulnerability allows unprivileged users in Gogs to delete files in the .git directory, leading ...

Same vulnerability type (CWE-552)
CVE-2024-6209 10.0

This vulnerability allows attackers to access files without authorization in ABB ASPECT-Enterprise, ...

Same vulnerability type (CWE-552)