CVE-2026-3795 is a path traversal vulnerability affecting DoraCMS version 3.0.x. The issue resides in the createFileBypath function located in the /DoraCMS/server/app/router/api/v1.js file. This function improperly sanitizes or validates user-supplied input used to specify file paths, allowing an attacker to manipulate the file path parameter to traverse directories outside the intended scope. By exploiting this flaw, a remote attacker can create or overwrite arbitrary files on the server, potentially leading to unauthorized file access, data leakage, or code execution depending on the server configuration and file permissions. The vulnerability requires no user interaction and no authentication, making it remotely exploitable over the network. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vendor was contacted but has not issued a patch or advisory, and a public exploit is available, increasing the risk of exploitation. This vulnerability is particularly dangerous for organizations running DoraCMS 3.0.x in production environments without mitigations, as it can lead to unauthorized file manipulation and potential further compromise.

The path traversal vulnerability in DoraCMS 3.0.x can have significant impacts on affected organizations. Successful exploitation allows attackers to create or overwrite files anywhere on the server filesystem accessible by the application process. This can lead to unauthorized disclosure of sensitive information, modification or deletion of critical files, and potentially remote code execution if attackers place malicious scripts in web-accessible directories. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the risk of automated attacks. Organizations relying on DoraCMS for content management may face data breaches, service disruptions, and reputational damage. Additionally, the absence of vendor response and patches leaves many systems exposed, increasing the window of vulnerability. The medium CVSS score reflects moderate impact but combined with public exploit availability, the threat is elevated. Attackers could leverage this vulnerability to pivot within networks or establish persistent access, especially in environments with weak file system permissions.

To mitigate CVE-2026-3795, organizations should first identify all DoraCMS 3.0.x instances in their environment and assess exposure. Since no official patch is available, immediate steps include implementing strict input validation and sanitization on the createFileBypath function to prevent directory traversal sequences (e.g., ../). Web application firewalls (WAFs) can be configured to detect and block suspicious path traversal payloads targeting the vulnerable endpoint. Restrict file system permissions for the DoraCMS process to the minimum necessary, preventing unauthorized file creation or modification outside designated directories. Network segmentation and limiting external access to DoraCMS administrative interfaces reduce exposure. Monitoring logs for unusual file creation or access patterns can help detect exploitation attempts. Organizations should also engage with the DoraCMS community or consider upgrading to newer versions if available. Finally, prepare incident response plans to quickly address potential compromises stemming from this vulnerability.