Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Doramart DoraCMS 3.0.x allows remote file access
CVE-2026-3795
Summary
A flaw in Doramart DoraCMS 3.0.x allows an attacker to access files on the server that they shouldn't be able to. This could lead to sensitive information being stolen or malicious code being executed. Update to the latest version of DoraCMS as soon as possible to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| html-js | doracms | All versions | – |
Original title
A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path ...
Original description
A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-22
Path Traversal
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026