CVE-2024-3118

Published: Mar 31, 2024Modified: Apr 4, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Iteachyou: Dreamer Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Iteachyou Dreamer Cms	Up to 4.1.3

Related CWEs

References (8)

https://github.com/sweatxi/BugHub/blob/main/dreamer_Excessive_authority.pdf

Source: cna@vuldb.com

Broken Link

https://vuldb.com/?ctiid.258779

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.258779

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.303196

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/sweatxi/BugHub/blob/main/dreamer_Excessive_authority.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://vuldb.com/?ctiid.258779

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

https://vuldb.com/?id.258779

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.303196

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.