| Title | 石家庄公诚勤朴科技有限公司 Dreamer CMS 4.1.3 File Upload/code execution/xss |
|---|
| Description | Modify filename to achieve any file upload, upload html code, execute, execute xss to obtain other users cooikes, csrf man-in the-middle attack, mount phishing websites and malicious networks |
|---|
| Source | ⚠️ https://github.com/sweatxi/BugHub/blob/main/Dreamer-CMS.pdf |
|---|
| User | hexixi (UID 59932) |
|---|
| Submission | 12/13/2023 06:08 (2 years ago) |
|---|
| Moderation | 12/24/2023 08:57 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 248938 [Dreamer CMS 4.1.3 /upload/uploadFile unrestricted upload] |
|---|
| Points | 16 |
|---|