CVE-2023-2473

Name of the Vulnerable Software and Affected Versions Dreamer CMS versions up to 4.1.3

Description A vulnerability was found in the Password Hash Calculation component, specifically affecting the updatePwd function of the UserController.java file. This issue leads to inefficient algorithmic complexity and can be initiated remotely.

Recommendations For Dreamer CMS versions up to 4.1.3, it is recommended to upgrade the affected component to resolve the issue. As a temporary workaround, consider restricting access to the updatePwd function of the UserController.java file until an upgrade is possible.