| 제목 | iteachyou Dreamer CMS 4.1.3 Remote File Inclusion |
|---|
| 설명 | A Remote File Inclusion (RFI) vulnerability exists in the image upload functionality in the article editor (编辑文章) of Dreamer CMS 4.1.3. This vulnerability arises because the application allows users to embed imgs with arbitrary remote src values using the article editor (编辑文章). An attacker can exploit this functionality to force the server to make unauthorized requests to external targets, potentially exposing sensitive information or enabling further attacks. |
|---|
| 원천 | ⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/RemoteFileInclusion-ArticleEditorImageUpload.md |
|---|
| 사용자 | vastzero (UID 78767) |
|---|
| 제출 | 2025. 02. 10. PM 05:08 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 02. 21. AM 11:38 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 296494 [iteachyou Dreamer CMS 4.1.3 /admin/archives/edit editorValue/answer/content 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|