Home > Vulnerability Database > CVE-2023-4743

Mend.io Vulnerability Database

CVE-2023-4743

Date: September 3, 2023

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238632. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Language: Java

Severity Score

3.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-4743

Url: https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability

Url: https://vuldb.com/?id.238632

Url: https://vuldb.com/?ctiid.238632

Url: https://www.mend.io/vulnerability-database/CVE-2023-4743

Severity Score

3.1

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2023-4743

Date: September 3, 2023

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?