An issue exists in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete.
dreamer cms project dreamer cms 4.1.3