CVE-2023-27084

low-risk

Published 2023-03-16

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / HIGH complexity

Affected Products (1)

Dreamer Cms

Affected Vendors

Iteachyou

References (4)

Broken Link https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN

Exploit https://github.com/iteachyou-wjn/dreamer_cms/issues/9

Broken Link https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN

Exploit https://github.com/iteachyou-wjn/dreamer_cms/issues/9

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal