CVE-2026-3795

CRITICAL WAF: High

CVSS 9.8 Published: 2026-03-09

CWE-22

A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

WAF Coverage Analysis

Path Traversal High WAF Coverage

OWASP: A01:2021 Broken Access Control

930xxx - Local File Inclusion

Affected Software

Vendor	Product	Version
html-js	doracms	-

References

vuldb.com (Permissions Required, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Exploit, Third Party Advisory, VDB Entry)

Back to CVE Database