CVE-2021-25971
Published: 2021-10-20
Priority: P4 21 | medium 4.3 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:L
EPSS: 0.98% (57.7th percentile)
Camaleon CMS versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with low-privileged access uploads a specially crafted .svg file.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| camaleon_cms | camaleon_cms | >= 2.0.1 < unspecified | unspecified |
| camaleon_cms | camaleon_cms | >= 2.0.1 < 2.6.0.1 | 2.6.0.1 |
| camaleon_cms | camaleon_cms | unspecified – 2.6.0 | — |
| tuzitio | camaleon_cms | 2.0.1 – 2.6.0 | — |
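CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |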
GHSA
Camaleon CMS vulnerable to Uncaught Exception
ghsa·2022-05-24
CVE-2021-25971 [MEDIUM] CWE-248 Camaleon CMS vulnerable to Uncaught Exception
Camaleon CMS versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with low-privileged access uploads a specially crafted .svg file.
OSV
Camaleon CMS vulnerable to Uncaught Exception
osv·2022-05-24
CVE-2021-25971 [MEDIUM] Camaleon CMS vulnerable to Uncaught Exception
Camaleon CMS versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with low-privileged access uploads a specially crafted .svg file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/owen2345/camaleon-cms/commit/ab89584ab32b98a0af3d711e3f508a1d048147d2
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25971