CVE-2023-2473

MEDIUM

Dreamer CMS <4.1.3 - Info Disclosure

Title source: llm

Description

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860.

References (3)

[VDB Entry] https://vuldb.com/?id.227860

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.227860

[Issue Tracking] https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7

Scores

CVSS v3 4.3

EPSS 0.0006

EPSS Percentile 19.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-407

Status published

Products (1)

iteachyou/dreamer_cms < 4.1.3

Published May 02, 2023

Tracked Since Feb 18, 2026