📦 Dreamer Cms
by Iteachyou
🔍 What is Dreamer Cms?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
Dreamer CMS versions before 4.0.1 contain a directory traversal vulnerability in the background template management feature. This allows authenticated attackers to read and modify sensitive system fil...
Dreamer CMS v4.1.3 contains a SQL injection vulnerability in the model-form-management-field form that allows attackers to execute arbitrary SQL commands. This affects all installations using the vuln...
This SQL injection vulnerability in Dreamer CMS 4.0.0 allows attackers to execute arbitrary SQL commands via the tableName parameter. This can lead to unauthorized data access, modification, or deleti...
Dreamer CMS v4.1.3 contains a CSRF vulnerability in the article deletion function that allows attackers to trick authenticated administrators into performing unauthorized deletions. This affects any D...
Dreamer CMS v4.1.3 contains a CSRF vulnerability in the task management execution endpoint (/admin/task/run) that allows attackers to trick authenticated administrators into performing unauthorized ac...
Dreamer CMS v4.1.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the attachment deletion function. This allows attackers to trick authenticated administrators into unknowingly deleting...
Dreamer CMS v4.1.3 contains a CSRF vulnerability in the variable management modification function at /variable/update. This allows attackers to trick authenticated administrators into performing unaut...
Dreamer CMS v4.1.3 contains a CSRF vulnerability in the user addition function at /admin/user/add. This allows attackers to trick authenticated administrators into unknowingly creating new user accoun...
Dreamer CMS v4.1.3 contains an arbitrary file read vulnerability in the TemplateController component that allows attackers to read sensitive files from the server. This affects all systems running the...
This CVE describes a directory traversal vulnerability in itechyou dreamer CMS v4.1.3 that allows remote attackers to execute arbitrary code by manipulating the themePath parameter in the uploaded tem...
CVE-2025-3977 is an improper authorization vulnerability in iteachyou Dreamer CMS that allows attackers to bypass access controls on the attachment download functionality. Attackers can remotely explo...
This vulnerability in iteachyou Dreamer CMS 4.1.3 allows remote attackers to perform path traversal attacks via the /resource/js/ueditor-1.4.3.3 file. This could enable unauthorized access to sensitiv...