CVE-2026-3795

MEDIUM

doramart DoraCMS 3.0.x - Path Traversal via createFileBypath Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-3795. PoCs published by LTX-GOD.

AI-analyzed exploit summary: This repository contains a functional exploit PoC for CVE-2026-3795, which involves an arbitrary file read and exfiltration vulnerability in DoraCMS 3.0.0. The exploit leverages the `/api/v1/files/path` endpoint to read local files and upload them to cloud storage (Qiniu/OSS), allowing remote attackers to exfiltrate sensitive data.

Description

A security flaw has been discovered in doramart DoraCMS 3.0.x. Affected is the function createFileBypath in the file /DoraCMS/server/app/router/api/v1.js. Manipulation of the path argument results in path traversal (CWE-22). The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

GitHub · Working PoC · 2 stars
by LTX-GOD · poc
https://github.com/LTX-GOD/Mycve/tree/main/doracms2-CVE-2026-3795.md

Classification
Working PoC: 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: DoraCMS 3.0.0
Authentication: required
Prerequisites: Valid user token with userId · DoraCMS configured with Qiniu or OSS storage
Analyzed by devstral-2 on Mar 11, 2026

References (3)

Core References (3)
VDB Entry (technical description; permissions required)
https://vuldb.com/?id.349762
VDB Entry (signature; permissions required)
https://vuldb.com/?ctiid.349762
VDB Entry (third-party advisory; permissions required)
https://vuldb.com/?submit.768241

Scores

CVSS v3.1 base score: 6.3 (Medium)
EPSS: 0.0066
EPSS Percentile: 46.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-22 (Path Traversal)
Status: published
Products (2)
doramart/DoraCMS 3.0.*
html-js/doracms
Published: Mar 09, 2026
Tracked Since: Mar 09, 2026