CVE-2023-45902: CSRF
First published: Tue Oct 17 2023(Updated: )
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dreamer CMS | =4.1.3 | |
| Dreamer CMS | =4.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for Dreamer CMS v4.1.3?
The vulnerability ID for Dreamer CMS v4.1.3 is CVE-2023-45902.
What is the severity of CVE-2023-45902?
The severity of CVE-2023-45902 is high with a CVSS score of 8.8.
How does the CSRF vulnerability in Dreamer CMS v4.1.3 work?
The CSRF vulnerability in Dreamer CMS v4.1.3 allows an attacker to perform unauthorized actions on behalf of a user by tricking them into clicking a malicious link.
What is the affected component in Dreamer CMS v4.1.3?
The affected component in Dreamer CMS v4.1.3 is /admin/attachment/delete.
Is there a fix available for CVE-2023-45902?
Yes, a fix for CVE-2023-45902 is available. It is recommended to update to a patched version of Dreamer CMS.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- vendor/dreamer cms project
- canonical/dreamer cms
- version/dreamer cms/4.1.3
- vendor/iteachyou