CVE-2024-3118

Description

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1 Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weakness Type (CWE)

CWE-275 CWE-275

Affected Products

Vendor	Product	Versions
iteachyou	dreamer_cms	< 4.1.3

References

Other References

https://github.com/sweatxi/BugHub/blob/main/dreamer_Excessive_authority.pdf https://vuldb.com/?ctiid.258779 https://vuldb.com/?id.258779 https://vuldb.com/?submit.303196 https://github.com/sweatxi/BugHub/blob/main/dreamer_Excessive_authority.pdf https://vuldb.com/?ctiid.258779 https://vuldb.com/?id.258779 https://vuldb.com/?submit.303196

Frequently Asked Questions

What is CVE-2024-3118? +

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. It has a CVSS v3.1 base score of 6.3 (MEDIUM).

How severe is CVE-2024-3118? +

CVE-2024-3118 has a CVSS v3.1 score of 6.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2024-3118? +

CVE-2024-3118 affects products from iteachyou, specifically: dreamer_cms. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-3118? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-10941 7.8

A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file …

CVE-2025-58287 7.8

Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-13189 7.3

A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file …

CVE-2025-6765 6.3

A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing …

CVE-2024-11485 6.3

A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue …

CVE-2025-8797 6.3

A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing …