CVE-2026-3795

MEDIUM

DoraCMS 3.0.x - Path Traversal

Title source: llm

Description

A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (3)

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349762

[Permissions Required, VDB Entry] https://vuldb.com/?id.349762

[Permissions Required, VDB Entry] https://vuldb.com/?submit.768241

Scores

CVSS v3 6.3

EPSS 0.0006

EPSS Percentile 17.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-22

Status draft

Timeline

Published Mar 09, 2026

Tracked Since Mar 09, 2026