CVE-2023-48020
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-48020 is a newly disclosed Cross-Site Request Forgery (CSRF) vulnerability affecting Dreamer CMS version 4.1.3. An attacker can exploit this flaw by making unauthorized requests to the /admin/task/changeStatus endpoint, potentially leading to unintended changes to system configurations or data. Successful exploitation does not require user interaction or knowledge of the victim's session cookies, making it a significant security risk. System administrators are advised to update their Dreamer CMS installations to the latest version to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.