CVE-2023-43382

HIGH

ItechYou Dreamer CMS <4.1.3 - Code Injection

Title source: llm

Description

Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.

Exploits (1)

gitee

writeup

https://gitee.com/iteachyou/dreamer_cms/issues/I821AI

View on gitee

References (3)

[Third Party Advisory] https://aecous.github.io/2023/09/17/Text/?password=Aecous

[Third Party Advisory] https://gist.github.com/Aecous/7c6524859d624c00f4a975ecd5a743a7

[Issue Tracking] https://gitee.com/iteachyou/dreamer_cms/issues/I821AI

Scores

CVSS v3 8.8

EPSS 0.0272

EPSS Percentile 86.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (1)

iteachyou/dreamer_cms 4.1.3

Published Sep 25, 2023

Tracked Since Feb 18, 2026