提交 #497602: iteachyou Dreamer CMS 4.1.3 Remote File Inclusion信息

标题iteachyou Dreamer CMS 4.1.3 Remote File Inclusion
描述A Remote File Inclusion (RFI) vulnerability exists in the image upload functionality in the article editor (编辑文章) of Dreamer CMS 4.1.3. This vulnerability arises because the application allows users to embed imgs with arbitrary remote src values using the article editor (编辑文章). An attacker can exploit this functionality to force the server to make unauthorized requests to external targets, potentially exposing sensitive information or enabling further attacks.
来源⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/RemoteFileInclusion-ArticleEditorImageUpload.md
用户
 vastzero (UID 78767)
提交2025-02-10 17時08分 (1 年前)
管理2025-02-21 11時38分 (11 days later)
状态已接受
VulDB条目296494 [iteachyou Dreamer CMS 4.1.3 /admin/archives/edit editorValue/answer/content 跨网站脚本]
积分20

Do you want to use VulDB in your project?

Use the official API to access entries easily!