CVE-2023-43856 - Vulnerability Details

Vendors	Products
Iteachyou	Dreamer Cms

Link	Providers
http://cms.iteachyou.cc/
http://dreamer.com
https://github.com/yux1azhengye
https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf

Type	Values Removed	Values Added
First Time appeared		Iteachyou Iteachyou dreamer Cms
CPEs	cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:::::::*	cpe:2.3:a:iteachyou:dreamer_cms:4.1.3:::::::*
Vendors & Products	Dreamer Cms Project Dreamer Cms Project dreamer Cms	Iteachyou Iteachyou dreamer Cms

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-43856", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-24T14:08:41.556Z", "dateReserved": "2023-09-25T00:00:00", "datePublished": "2023-09-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-26T12:19:19.029640"}, "descriptions": [{"lang": "en", "value": "Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://cms.iteachyou.cc/"}, {"url": "http://dreamer.com"}, {"url": "https://github.com/yux1azhengye"}, {"url": "https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.463Z"}, "title": "CVE Program Container", "references": [{"url": "http://cms.iteachyou.cc/", "tags": ["x_transferred"]}, {"url": "http://dreamer.com", "tags": ["x_transferred"]}, {"url": "https://github.com/yux1azhengye", "tags": ["x_transferred"]}, {"url": "https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T14:08:31.749047Z", "id": "CVE-2023-43856", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T14:08:41.556Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-43856 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-09-24T14:08:41.556Z (string)

dateReserved : 2023-09-25T00:00:00 (string)

datePublished : 2023-09-26T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-09-26T12:19:19.029640 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : http://cms.iteachyou.cc/ (string)

}

1 : { »

url : http://dreamer.com (string)

}

2 : { »

url : https://github.com/yux1azhengye (string)

}

3 : { »

url : https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T19:52:11.463Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : http://cms.iteachyou.cc/ (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : http://dreamer.com (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://github.com/yux1azhengye (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-09-24T14:08:31.749047Z (string)

id : CVE-2023-43856 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-24T14:08:41.556Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://cms.iteachyou.cc/", "tags": ["x_transferred"]}, {"url": "http://dreamer.com", "tags": ["x_transferred"]}, {"url": "https://github.com/yux1azhengye", "tags": ["x_transferred"]}, {"url": "https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.463Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43856", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T14:08:31.749047Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T14:08:35.323Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://cms.iteachyou.cc/"}, {"url": "http://dreamer.com"}, {"url": "https://github.com/yux1azhengye"}, {"url": "https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf"}], "descriptions": [{"lang": "en", "value": "Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-26T12:19:19.029640"}}}, "cveMetadata": {"cveId": "CVE-2023-43856", "state": "PUBLISHED", "dateUpdated": "2024-09-24T14:08:41.556Z", "dateReserved": "2023-09-25T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-09-26T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : http://cms.iteachyou.cc/ (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : http://dreamer.com (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://github.com/yux1azhengye (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T19:52:11.463Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-43856 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-24T14:08:31.749047Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-24T14:08:35.323Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

references : [ »

0 : { »

url : http://cms.iteachyou.cc/ (string)

}

1 : { »

url : http://dreamer.com (string)

}

2 : { »

url : https://github.com/yux1azhengye (string)

}

3 : { »

url : https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : n/a (string)

}

]

}

]

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-09-26T12:19:19.029640 (string)

}

cveMetadata : { »

cveId : CVE-2023-43856 (string)

state : PUBLISHED (string)

dateUpdated : 2024-09-24T14:08:41.556Z (string)

dateReserved : 2023-09-25T00:00:00 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

datePublished : 2023-09-26T00:00:00 (string)

assignerShortName : mitre (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iteachyou:dreamer_cms:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "113EEBC1-2B91-4AE0-995F-E24A4AD607BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java."}, {"lang": "es", "value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 conten\u00eda una vulnerabilidad de lectura de archivos arbitraria a trav\u00e9s del componente /admin/TemplateController.java."}], "id": "CVE-2023-43856", "lastModified": "2025-04-04T15:15:06.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-27T15:19:34.767", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "http://cms.iteachyou.cc/"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Not Applicable"], "url": "http://dreamer.com"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://github.com/yux1azhengye"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://cms.iteachyou.cc/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Not Applicable"], "url": "http://dreamer.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://github.com/yux1azhengye"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:iteachyou:dreamer_cms:4.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 113EEBC1-2B91-4AE0-995F-E24A4AD607BC (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. (string)

}

1 : { »

lang : es (string)

value : Se descubrió que Dreamer CMS v4.1.3 contenía una vulnerabilidad de lectura de archivos arbitraria a través del componente /admin/TemplateController.java. (string)

}

]

id : CVE-2023-43856 (string)

lastModified : 2025-04-04T15:15:06.847 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-09-27T15:19:34.767 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Product (string)

]

url : http://cms.iteachyou.cc/ (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Broken Link (string)

1 : Not Applicable (string)

]

url : http://dreamer.com (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Not Applicable (string)

]

url : https://github.com/yux1azhengye (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Broken Link (string)

]

url : https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Product (string)

]

url : http://cms.iteachyou.cc/ (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Not Applicable (string)

]

url : http://dreamer.com (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Not Applicable (string)

]

url : https://github.com/yux1azhengye (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-552 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object