Dreamer CMS v4.1.3 exists to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.
iteachyou dreamer cms 4.1.3