Submit #497603: iteachyou Dreamer CMS 4.1.3 Server-Side Request Forgeryinfo

Titleiteachyou Dreamer CMS 4.1.3 Server-Side Request Forgery
DescriptionA Server-Side Request Forgery (SSRF) vulnerability exists in the iframe embedding functionality in the article editor (编辑文章) of Dreamer CMS 4.1.3. This vulnerability arises because the application allows authenticated backend users to embed iframes with arbitrary src values using the article editor (编辑文章). An authenticated attacker can exploit this functionality to force the server to make unauthorized requests to external targets, potentially exposing sensitive information or enabling further attacks.
Source⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/ServerSideRequestForgery-ArticleEditorIframe.md
User
 vastzero (UID 78767)
Submission02/10/2025 17:10 (1 Year ago)
Moderation02/21/2025 11:38 (11 days later)
StatusDuplicate
VulDB entry296494 [iteachyou Dreamer CMS 4.1.3 /admin/archives/edit editorValue/answer/content cross site scripting]
Points0

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!