CVE-2023-30145
Published 2023-05-26
CVE-2023-30145: Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
Priority P2 · 74 · critical 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT · EPSS 46.14% (98.7th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| camaleon_cms | camaleon_cms | >= 0 < 2.7.4 | 2.7.4 |
| tuzitio | camaleon_cms | <= 2.7.0 | — |
Detection & IOCs (extracted from sources)
- Monitor POST requests to /admin/media/upload containing template expression syntax (e.g., {{ }}, <%= %>, or similar) in the 'formats' multipart form-data field, which is the vulnerable parameter.
- Alert on HTTP 200 responses to /admin/media/upload where the response body contains 'File format not allowed' followed by numeric output or command output (e.g., /etc/passwd content), indicating successful SSTI evaluation.
- Detect multipart/form-data POST requests to /admin/media/upload where the 'formats' field contains template injection characters or arithmetic expressions rather than a legitimate file extension value.
- The exploit uses an X-Requested-With: XMLHttpRequest header alongside the malicious upload request; correlate this with anomalous 'formats' field values as a combined detection signal.
- A response body leaking /etc/passwd content (e.g., 'root:x:0:0:root:/root:/bin/bash') within a 'File format not allowed (...)' message is a high-confidence indicator of successful SSTI RCE exploitation.
- The vulnerability is confirmed in Camaleon CMS v2.7.0 and all versions below it; exploitation requires authenticated access to the admin panel (/admin/media/upload).
- All versions below 2.7.0 are also affected, broadening the detection scope beyond just the 2.7.0 release.
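The detection items above can be turned into a small log-inspection routine. The following is an added example written for this page; it is not code from the page's sources or from the Camaleon CMS project. It assumes request logs expose the method, path, headers and raw multipart body, and that responses are available with their status and body. The sample traffic is constructed, and the `#{` marker is added beyond the `{{ }}` and `<%= %>` delimiters the page names, because Camaleon CMS is a Rails application.

```python
import re
from dataclasses import dataclass

UPLOAD_PATH = "/admin/media/upload"

# Template delimiters named on the page ({{ }}, <%= %>) plus Ruby's "#{"
# string-interpolation opener (an addition, relevant because Camaleon is Rails).
TEMPLATE_MARKERS = ("{{", "}}", "<%=", "%>", "#{")

# A legitimate 'formats' value is a comma-separated list of extensions such as
# "jpg,png,gif"; each item has at least one letter, so a bare number never fits.
EXT = r"[A-Za-z0-9]*[A-Za-z][A-Za-z0-9]*"
LEGIT_FORMATS = re.compile(rf"^\s*{EXT}(?:\s*,\s*{EXT})*\s*$")

# Arithmetic such as "1+1" never belongs in an extension list.
ARITHMETIC = re.compile(r"\d+\s*[-+*/]\s*\d+")

# Echoed /etc/passwd content, quoted on the page as a high-confidence indicator.
PASSWD_ROOT = re.compile(r"root:x:0:0:")

REJECTION_MSG = re.compile(r"File format not allowed\s*\((.*?)\)", re.S)


@dataclass
class Finding:
    severity: str
    reason: str
    evidence: str


def formats_field(body, boundary):
    """Return the value of the 'formats' part of a multipart/form-data body, or None."""
    for part in body.split("--" + boundary):
        head, sep, content = part.partition("\r\n\r\n")
        if sep and 'name="formats"' in head:
            return content.strip("\r\n")
    return None


def check_request(method, path, headers, body):
    """Flag upload requests whose 'formats' field is not an extension list."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "")
    if method.upper() != "POST" or path != UPLOAD_PATH or "multipart/form-data" not in ctype:
        return []
    m = re.search(r'boundary="?([^";\s]+)"?', ctype)
    value = formats_field(body, m.group(1)) if m else None
    if value is None or LEGIT_FORMATS.match(value):
        return []
    if any(marker in value for marker in TEMPLATE_MARKERS):
        finding = Finding("high", "template delimiters in 'formats' field", value)
    elif ARITHMETIC.search(value):
        finding = Finding("medium", "arithmetic expression in 'formats' field", value)
    else:
        finding = Finding("low", "non-extension value in 'formats' field", value)
    # The header alone is ordinary browser behaviour; it only adds confidence
    # once the field itself is already suspicious (the combined signal above).
    if hdrs.get("x-requested-with") == "XMLHttpRequest":
        finding.reason += " with X-Requested-With: XMLHttpRequest"
    return [finding]


def check_response(status, body):
    """Flag 200 responses whose rejection message echoes evaluated output."""
    if status != 200:
        return []
    m = REJECTION_MSG.search(body)
    if not m:
        return []
    echoed = m.group(1)
    if PASSWD_ROOT.search(echoed):
        return [Finding("high", "/etc/passwd content echoed in rejection message", echoed[:80])]
    if not LEGIT_FORMATS.match(echoed):
        return [Finding("medium", "rejection message echoes a non-extension value", echoed[:80])]
    return []


# Constructed sample traffic (not captured from a real system).
BOUNDARY = "----WebKitFormBoundaryExample"
HEADERS = {
    "Content-Type": f"multipart/form-data; boundary={BOUNDARY}",
    "X-Requested-With": "XMLHttpRequest",
}


def _multipart(formats_value):
    return (
        f"--{BOUNDARY}\r\nContent-Disposition: form-data; name=\"formats\"\r\n\r\n"
        f"{formats_value}\r\n"
        f"--{BOUNDARY}\r\nContent-Disposition: form-data; name=\"file\"; filename=\"a.txt\"\r\n"
        f"Content-Type: text/plain\r\n\r\nhello\r\n--{BOUNDARY}--\r\n"
    )


BENIGN_BODY = _multipart("jpg,png,gif")
SUSPICIOUS_BODY = _multipart("{{ 1+1 }}")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("suspicious", SUSPICIOUS_BODY)):
        print(label, check_request("POST", UPLOAD_PATH, HEADERS, body))
    print(check_response(200, "File format not allowed (root:x:0:0:root:/root:/bin/bash)"))
```

Pairing `check_request` with `check_response` for the same transaction is what separates an attempted probe (suspicious field, ordinary rejection message) from a successful evaluation (rejection message echoing computed output), which is the distinction the second and fifth items above draw.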
GHSA
Server-Side Template Injection in Camaleon CMS
ghsa · 2023-05-26
CVE-2023-30145 [CRITICAL] CWE-94 Server-Side Template Injection in Camaleon CMS
Camaleon CMS prior to 2.7.4 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the `formats` parameter.
OSV
Server-Side Template Injection in Camaleon CMS
osv · 2023-05-26
CVE-2023-30145 [CRITICAL] Server-Side Template Injection in Camaleon CMS
Camaleon CMS prior to 2.7.4 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the `formats` parameter.
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html
- https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
- https://drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link
- https://github.com/paragbagul111/CVE-2023-30145
- https://portswigger.net/research/server-side-template-injection