CVE-2023-2473

Published: May 2, 2023Modified: Apr 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD (Secondary)

Description

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860.

Affected (1)

Products: Iteachyou: Dreamer Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Iteachyou Dreamer Cms	Up to 4.1.3

Related CWEs

Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References (6)

https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7

Source: cna@vuldb.com

Issue Tracking

https://vuldb.com/?ctiid.227860

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.227860

Source: cna@vuldb.com

VDB Entry

https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://vuldb.com/?ctiid.227860

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

https://vuldb.com/?id.227860

Source: af854a3a-2127-422b-91ae-364da2661108

VDB Entry

Timeline

No history available yet.