I6Who7Dreamer

**Name of the Vulnerable Software and Affected Versions** Dreamer CMS versions up to 4.1.3 **Description** A vulnerability was found in the Password Hash Calculation component, specifically affecting the `updatePwd` function of the `UserController.java` file. This issue leads to inefficient algorithmic complexity and can be initiated remotely. **Recommendations** For Dreamer CMS versions up to 4.1.3, it is recommended to upgrade the affected component to resolve the issue. As a temporary workaround, consider restricting access to the `updatePwd` function of the `UserController.java` file until an upgrade is possible.