MEDIUM🇬🇧 English

CVE-2026-3794

CVSS 5.5v4.0pub. 2026-03-09upd. 2026-04-29

A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Html Js Doracms

    APP
    Html-Js
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2023-51840CRITICAL9.8PL ✓ten sam produkt

DoraCMS 2.1.8 — użycie zakodowanego na stałe klucza kryptograficznego

CVE-2023-49443CRITICAL9.8PL ✓ten sam produkt

DoraCMS – podatność na atak brute-force przez ponowne użycie kodu weryfikacyjnego

CVE-2022-35147CRITICAL9.8ten sam produkt

DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.

CVE-2024-28715HIGH8.8ten sam produkt

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary ...

CVE-2020-18220HIGH7.5ten sam produkt

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as i...