Submeter #497602: iteachyou Dreamer CMS 4.1.3 Remote File Inclusioninformação

Títuloiteachyou Dreamer CMS 4.1.3 Remote File Inclusion
DescriçãoA Remote File Inclusion (RFI) vulnerability exists in the image upload functionality in the article editor (编辑文章) of Dreamer CMS 4.1.3. This vulnerability arises because the application allows users to embed imgs with arbitrary remote src values using the article editor (编辑文章). An attacker can exploit this functionality to force the server to make unauthorized requests to external targets, potentially exposing sensitive information or enabling further attacks.
Fonte⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/RemoteFileInclusion-ArticleEditorImageUpload.md
Utilizador
 vastzero (UID 78767)
Submissão10/02/2025 17h08 (há 1 Ano)
Moderação21/02/2025 11h38 (11 days later)
EstadoAceite
Entrada VulDB296494 [iteachyou Dreamer CMS 4.1.3 /admin/archives/edit editorValue/answer/content Script de Site Cruzado]
Pontos20

Want to know what is going to be exploited?

We predict KEV entries!