| Title | Junnan Wang and his team Dreamer CMS 4.1.3 Common users have administrator rights |
|---|
| Description | As an ordinary account, it should not have the permission to delete attachments, forms and variables, and attackers can delete important files of the system through ordinary accounts.Common users have excessive permissions |
|---|
| Source | ⚠️ https://github.com/sweatxi/BugHub/blob/main/dreamer_Excessive_authority.pdf |
|---|
| User | hexixi (UID 59932) |
|---|
| Submission | 03/22/2024 21:16 (2 years ago) |
|---|
| Moderation | 03/30/2024 07:36 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 258779 [Dreamer CMS up to 4.1.3 Attachment permission] |
|---|
| Points | 16 |
|---|