MEDIUM🇵🇱 Wersja polska

CVE-2026-3794

CVSS 5.5v4.0pub. 2026-03-09upd. 2026-04-29

A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Html Js Doracms

    APP
    Html-Js
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-51840CRITICAL9.8PL ✓ten sam produkt

DoraCMS 2.1.8 — użycie zakodowanego na stałe klucza kryptograficznego

CVE-2023-49443CRITICAL9.8PL ✓ten sam produkt

DoraCMS – podatność na atak brute-force przez ponowne użycie kodu weryfikacyjnego

CVE-2022-35147CRITICAL9.8ten sam produkt

DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.

CVE-2024-28715HIGH8.8ten sam produkt

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary ...

CVE-2020-18220HIGH7.5ten sam produkt

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as i...