CVE-2023-27084

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-27084
Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN Broken Link
https://github.com/iteachyou-wjn/dreamer_cms/issues/9 Exploit Issue Tracking Third Party Advisory
https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN Broken Link
https://github.com/iteachyou-wjn/dreamer_cms/issues/9 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:iteachyou:dreamer_cms:4.0.1:*:*:*:*:*:*:*
History

04 Apr 2025, 15:15

Type Values Removed Values Added
First Time Iteachyou dreamer Cms
Iteachyou
CPE cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:iteachyou:dreamer_cms:4.0.1:*:*:*:*:*:*:*

21 Nov 2024, 07:52

Type Values Removed Values Added
References () https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN - Broken Link () https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN - Broken Link
References () https://github.com/iteachyou-wjn/dreamer_cms/issues/9 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/iteachyou-wjn/dreamer_cms/issues/9 - Exploit, Issue Tracking, Third Party Advisory

22 Mar 2023, 15:17

Type Values Removed Values Added
CWE CWE-732
References (MISC) https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN - (MISC) https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN - Broken Link
References (MISC) https://github.com/iteachyou-wjn/dreamer_cms/issues/9 - (MISC) https://github.com/iteachyou-wjn/dreamer_cms/issues/9 - Exploit, Issue Tracking, Third Party Advisory
First Time Dreamer Cms Project dreamer Cms
Dreamer Cms Project
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
CPE cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.0.1:*:*:*:*:*:*:*
Information

Published : 2023-03-16 02:15

Updated : 2025-04-04 15:15

NVD link : CVE-2023-27084

Mitre link : CVE-2023-27084

CVE.ORG link : CVE-2023-27084

JSON object : View

Products Affected

iteachyou

  • dreamer_cms
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource