提出 #497602: iteachyou Dreamer CMS 4.1.3 Remote File Inclusion情報

タイトルiteachyou Dreamer CMS 4.1.3 Remote File Inclusion
説明A Remote File Inclusion (RFI) vulnerability exists in the image upload functionality in the article editor (编辑文章) of Dreamer CMS 4.1.3. This vulnerability arises because the application allows users to embed imgs with arbitrary remote src values using the article editor (编辑文章). An attacker can exploit this functionality to force the server to make unauthorized requests to external targets, potentially exposing sensitive information or enabling further attacks.
ソース⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/RemoteFileInclusion-ArticleEditorImageUpload.md
ユーザー
 vastzero (UID 78767)
送信2025年02月10日 17:08 (1 年 ago)
モデレーション2025年02月21日 11:38 (11 days later)
ステータス承諾済み
VulDBエントリ296494 [iteachyou Dreamer CMS 4.1.3 /admin/archives/edit editorValue/answer/content クロスサイトスクリプティング]
ポイント20

Do you know our Splunk app?

Download it now for free!