जमा करें #497602: iteachyou Dreamer CMS 4.1.3 Remote File Inclusionजानकारी

शीर्षकiteachyou Dreamer CMS 4.1.3 Remote File Inclusion
विवरणA Remote File Inclusion (RFI) vulnerability exists in the image upload functionality in the article editor (编辑文章) of Dreamer CMS 4.1.3. This vulnerability arises because the application allows users to embed imgs with arbitrary remote src values using the article editor (编辑文章). An attacker can exploit this functionality to force the server to make unauthorized requests to external targets, potentially exposing sensitive information or enabling further attacks.
स्रोत⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/RemoteFileInclusion-ArticleEditorImageUpload.md
उपयोगकर्ता
 vastzero (UID 78767)
सबमिशन10/02/2025 05:08 PM (1 वर्ष पहले)
संयम21/02/2025 11:38 AM (11 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि296494 [iteachyou Dreamer CMS 4.1.3 /admin/archives/edit editorValue/answer/content क्रॉस साइट स्क्रिप्टिंग]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!