CVE-2026-3795 | doramart DoraCMS 3.0.x v1.js createFileBypath path traversal

Inserito da Angelo Barbosa | Mar 8, 2026 | CVE

A vulnerability classified as critical has been found in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal.

This vulnerability is identified as CVE-2026-3795. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3795 | doramart DoraCMS 3.0.x v1.js createFileBypath path traversal

Post correlati

CVE-2024-1121 | Advanced Forms for ACF Plugin up to 1.9.3.2 on WordPress Form Setting Export authorization

CVE-2025-13260 | Campcodes Supplier Management System 1.0 edit_product.php cmbProductUnit sql injection

CVE-2024-55975 | Rohit Urane Dr Affiliate Plugin up to 1.2.3 on WordPress sql injection

CVE-2024-36047 | Infoblox NIOS up to 8.6.4/9.0.3 input validation