VDB-238632 · CVE-2023-4743 · GCVE-100-238632

Dreamer CMS ଯେପର୍ଯ୍ୟନ୍ତ 4.1.3 ueditorConfig?action=config ବିସ୍ତାରିତ ଅଧିକାର

Dogoggorri kan akka ସମସ୍ୟାଜନକ jedhamuun ramadame Dreamer CMS ଯେପର୍ଯ୍ୟନ୍ତ 4.1.3 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii /upload/ueditorConfig?action=config keessa. Hojii jijjiirraa gara ବିସ୍ତାରିତ ଅଧିକାର geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-552 geessa. Dadhabbii kana yeroo 09/03/2023 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2023-4743tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.

4 ଆଡାପ୍ଟେସନ୍ · 95 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 09/03/2023 08:40 AM	ଅଦ୍ୟତନ 1/3 09/29/2023 07:47 PM	ଅଦ୍ୟତନ 2/3 09/29/2023 07:53 PM	ଅଦ୍ୟତନ 3/3 04/05/2025 03:49 AM
advisory_date	1693692000 (09/03/2023)	1693692000 (09/03/2023)	1693692000 (09/03/2023)	1693692000 (09/03/2023)
software_type	Content Management System	Content Management System	Content Management System	Content Management System
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	H	H	H	H
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	N	N	N	N
cvss2_vuldb_ai	N	N	N	N
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss2_vuldb_basescore	2.1	2.1	2.1	2.1
cvss2_vuldb_tempscore	1.8	1.8	1.8	1.8
cvss3_vuldb_basescore	3.1	3.1	3.1	3.1
cvss3_vuldb_tempscore	2.8	2.8	2.8	2.8
cvss3_meta_basescore	3.1	3.1	3.7	3.7
cvss3_meta_tempscore	2.8	2.8	3.6	3.6
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
software_vendor	Dreamer	Dreamer	Dreamer	Dreamer
software_name	CMS	CMS	CMS	CMS
software_version	<=4.1.3	<=4.1.3	<=4.1.3	<=4.1.3
software_file	/upload/ueditorConfig?action=config	/upload/ueditorConfig?action=config	/upload/ueditorConfig?action=config	/upload/ueditorConfig?action=config
vulnerability_cwe	CWE-552 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-552 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-552 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-552 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	1	1	1	1
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	H	H	H	H
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	N	N	N	N
cvss3_vuldb_a	N	N	N	N
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability	https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability	https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability	https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability	https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability	https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability	https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability
source_cve	CVE-2023-4743	CVE-2023-4743	CVE-2023-4743	CVE-2023-4743
cna_responsible	VulDB	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cve_assigned		1693692000 (09/03/2023)	1693692000 (09/03/2023)	1693692000 (09/03/2023)
cve_nvd_summary		A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238632. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238632. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238632. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
cvss3_nvd_av			N	N
cvss3_nvd_ac			H	H
cvss3_nvd_pr			N	N
cvss3_nvd_ui			N	N
cvss3_nvd_s			U	U
cvss3_nvd_c			L	L
cvss3_nvd_i			L	L
cvss3_nvd_a			N	N
cvss2_nvd_av			N	N
cvss2_nvd_ac			H	H
cvss2_nvd_au			S	S
cvss2_nvd_ci			P	P
cvss2_nvd_ii			N	N
cvss2_nvd_ai			N	N
cvss3_cna_av			N	N
cvss3_cna_ac			H	H
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			N	N
cvss3_cna_a			N	N
cve_cna			VulDB	VulDB
cvss2_nvd_basescore			2.1	2.1
cvss3_nvd_basescore			4.8	4.8
cvss3_cna_basescore			3.1	3.1
cve_nvd_summaryes				Se encontró una vulnerabilidad en Dreamer CMS hasta 4.1.3. Ha sido clasificado como problemático. Una función desconocida del archivo /upload/ueditorConfig?action=config es afectada por esta vulnerabilidad. La manipulación conduce a archivos o directorios accesibles. Es posible lanzar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es difícil. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-238632. NOTA: Se contactó primeramente al proveedor sobre esta divulgación, pero no respondió de ninguna manera.
cvss2_cna_av				N
cvss2_cna_ac				H
cvss2_cna_au				S
cvss2_cna_ci				P
cvss2_cna_ii				N
cvss2_cna_ai				N
cvss2_cna_basescore				2.1
cvss4_vuldb_av				N
cvss4_vuldb_ac				H
cvss4_vuldb_pr				L
cvss4_vuldb_ui				N
cvss4_vuldb_vc				L
cvss4_vuldb_vi				N
cvss4_vuldb_va				N
cvss4_vuldb_e				P
cvss4_vuldb_at				N
cvss4_vuldb_sc				N
cvss4_vuldb_si				N
cvss4_vuldb_sa				N
cvss4_vuldb_bscore				2.3
cvss4_vuldb_btscore				1.3

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you need the next level of professionalism?

Upgrade your account now!