Отправить #497602: iteachyou Dreamer CMS 4.1.3 Remote File InclusionИнформация

Названиеiteachyou Dreamer CMS 4.1.3 Remote File Inclusion
ОписаниеA Remote File Inclusion (RFI) vulnerability exists in the image upload functionality in the article editor (编辑文章) of Dreamer CMS 4.1.3. This vulnerability arises because the application allows users to embed imgs with arbitrary remote src values using the article editor (编辑文章). An attacker can exploit this functionality to force the server to make unauthorized requests to external targets, potentially exposing sensitive information or enabling further attacks.
Источник⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/RemoteFileInclusion-ArticleEditorImageUpload.md
Пользователь
 vastzero (UID 78767)
Представление10.02.2025 17:08 (1 Год назад)
Модерация21.02.2025 11:38 (11 days later)
Статуспринято
Запись VulDB296494 [iteachyou Dreamer CMS 4.1.3 /admin/archives/edit editorValue/answer/content межсайтовый скриптинг]
Баллы20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!