CVE-2025-3977 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality…
Medium CVSS: 5.3

CVE-2025-3977

A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Vendor
Iteachyou
Product
Dreamer Cms
CWE
CWE-266
Yayın Tarihi
2025-04-27 17:15:15
Güncelleme
2025-05-12 19:07:01
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-266 Dreamer Cms MEDIUM Iteachyou 2025

Referanslar

https://gitee.com/iteachyou/dreamer_cms/issues/IC13O1 https://vuldb.com/?ctiid.306313 https://vuldb.com/?id.306313 https://vuldb.com/?submit.557639 https://gitee.com/iteachyou/dreamer_cms/issues/IC13O1