PT-2023-19753 · Unknown · Dreamer Cms
I6Who7Dreamer
·
Publicado
2023-05-02
·
Atualizado
2025-04-04
·
CVE-2023-2473
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Dreamer CMS versions up to 4.1.3
Description
A vulnerability was found in the Password Hash Calculation component, specifically affecting the
updatePwd function of the UserController.java file. This issue leads to inefficient algorithmic complexity and can be initiated remotely.Recommendations
For Dreamer CMS versions up to 4.1.3, it is recommended to upgrade the affected component to resolve the issue. As a temporary workaround, consider restricting access to the
updatePwd function of the UserController.java file until an upgrade is possible.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dreamer Cms