CVE-2023-48913

8.8 HIGH

📋 TL;DR

Dreamer CMS v4.1.3 contains a CSRF vulnerability in the article deletion function that allows attackers to trick authenticated administrators into performing unauthorized deletions. This affects any Dreamer CMS installation with the vulnerable version exposed to untrusted users. Attackers can delete articles without the admin's knowledge or consent.

💻 Affected Systems

Products:
  • Dreamer CMS
Versions: v4.1.3 (specific version mentioned in CVE)
Operating Systems: Any OS running Dreamer CMS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations running the vulnerable version. Exploitation requires an authenticated administrator session; the deletion endpoint performs no CSRF token check.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete loss of website content through mass article deletion, potentially causing business disruption, data loss, and reputational damage.

🟠 Likely Case

Selective deletion of important articles or content sections, causing content management issues and requiring restoration from backups.

🟢 If Mitigated

No impact if proper CSRF protections are implemented or if the admin interface is not accessible to attackers.

🌐 Internet-Facing: HIGH - Web applications with admin interfaces exposed to the internet are prime targets for CSRF attacks.
🏢 Internal Only: MEDIUM - Internal networks still face risk from phishing or compromised internal systems, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to implement. Requires the victim admin to be authenticated and visit a malicious page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check for an official patch from the Dreamer CMS developers.
2. If a patch is available, apply it according to the vendor instructions.
3. Verify that CSRF protection is implemented on the /admin/archives/delete endpoint.

🔧 Temporary Workarounds

Implement CSRF Tokens

Applies to: all

What: Add CSRF token validation to the article deletion endpoint.

How: Modify the /admin/archives/delete endpoint to require and validate CSRF tokens.

Restrict Admin Access

Applies to: all

What: Limit admin interface access to trusted IP addresses only.

How: Configure the web server (Apache/Nginx) to restrict /admin/* paths to specific IPs.
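The following is an added illustration of the first workaround (a synchronizer token on the deletion handler, with an Origin/Referer check as a second layer); it is example code written for this page, not Dreamer CMS's own code, and the session dictionary, form dictionary, header dictionary and `delete_fn` callback are assumptions standing in for the application's real request and persistence objects.

```python
import hmac
import secrets

# Assumed session object: a dict that persists per authenticated admin session.
def issue_csrf_token(session):
    """Create (or reuse) a random per-session token.

    The admin page embeds this value in a hidden form field; a cross-site
    page cannot read it because of the same-origin policy.
    """
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def csrf_token_valid(session, submitted):
    """Constant-time comparison; a missing or wrong token rejects the request."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def origin_allowed(headers, expected_origin):
    """Defence in depth: state-changing admin requests must carry an Origin
    (or at least a Referer) that points back at the admin interface.
    Requests with neither header are refused rather than trusted."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return False
    return value == expected_origin or value.startswith(expected_origin + "/")


def handle_archive_delete(session, headers, form, delete_fn,
                          expected_origin="https://cms.example.test"):
    """Guarded deletion handler (hypothetical stand-in for /admin/archives/delete).

    delete_fn(article_id) is an assumed callback performing the actual delete;
    it is only invoked once both checks pass.
    """
    if not origin_allowed(headers, expected_origin):
        return 403, "request origin not allowed"
    if not csrf_token_valid(session, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    delete_fn(form.get("id"))
    return 200, "deleted"


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    deleted = []
    # Legitimate submission from the admin UI.
    print(handle_archive_delete(session,
                                {"Origin": "https://cms.example.test"},
                                {"id": "7", "csrf_token": token}, deleted.append))
    # Forged cross-site submission: the attacker's page cannot know the token.
    print(handle_archive_delete(session,
                                {"Origin": "https://attacker.example.test"},
                                {"id": "7"}, deleted.append))
    print(deleted)
```

The token check is the control that closes the CVE; the origin check only narrows the window for clients that omit Referer, so it should never be the sole defence.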

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Require re-authentication for destructive actions like deletions

🔍 How to Verify

Check if Vulnerable:

With an authenticated admin session, test whether the /admin/archives/delete endpoint accepts a deletion request that carries no CSRF token.

Check Version:

Check Dreamer CMS version in admin panel or configuration files

Verify Fix Applied:

Verify that /admin/archives/delete endpoint now requires and validates CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple DELETE requests to /admin/archives/delete from same session
  • Article deletions without corresponding admin actions in logs

Network Indicators:

  • Requests to /admin/archives/delete whose Referer (or Origin) header is missing or does not point to the admin interface
  • POST requests from unexpected origins to admin endpoints

SIEM Query:

source="web_logs" AND uri="/admin/archives/delete" AND NOT referer="*admin*"
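As an added example of the detection logic above applied to raw web server logs (not part of the original record, and not a Dreamer CMS component), the function below parses combined-format access log lines and flags deletion requests whose Referer is absent or not from the admin interface, mirroring the SIEM query's `NOT referer="*admin*"` condition. The sample log lines and the admin origin `https://cms.example.test` are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample access log lines (Apache/Nginx "combined" format); not real traffic.
SAMPLE_LOGS = """\
203.0.113.5 - admin [10/Oct/2023:13:55:36 +0000] "POST /admin/archives/delete HTTP/1.1" 200 42 "https://cms.example.test/admin/archives/list" "Mozilla/5.0"
203.0.113.5 - admin [10/Oct/2023:13:57:01 +0000] "POST /admin/archives/delete HTTP/1.1" 200 42 "https://attacker.example.test/lure.html" "Mozilla/5.0"
203.0.113.5 - admin [10/Oct/2023:13:57:02 +0000] "POST /admin/archives/delete HTTP/1.1" 200 42 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:58:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

DELETE_PATH = "/admin/archives/delete"


@dataclass
class Finding:
    ip: str
    user: str
    time: str
    referer: str
    reason: str


def find_suspicious_deletes(log_text, admin_origin="https://cms.example.test"):
    """Return one Finding per deletion request that did not originate from the admin UI."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        if m["path"].split("?", 1)[0] != DELETE_PATH:
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "missing Referer"
        elif not referer.startswith(admin_origin + "/admin"):
            reason = "Referer not from admin interface"
        else:
            continue  # came from the admin UI: expected behaviour
        findings.append(Finding(m["ip"], m["user"], m["time"], referer, reason))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_deletes(SAMPLE_LOGS):
        print(f"{f.time} {f.ip} user={f.user} referer={f.referer!r}: {f.reason}")
```

A missing Referer is a weak signal on its own, since browsers strip it under strict Referrer-Policy settings, so treat "missing Referer" findings as lower confidence than a Referer that points at a foreign site, and correlate them with the article audit trail.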
