CVE-2023-43382

CVE-2023-43382

EPSS 1.5%

Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://aecous.github.io/2023/09/17/Text/?password=Aecous https://gist.github.com/Aecous/7c6524859d624c00f4a975ecd5a743a7 https://gitee.com/iteachyou/dreamer_cms/issues/I821AI