cbcvebase.
CVE-2024-46987
published 2024-09-18

Priority: P2 (61, high)
CVSS 3.1 base score: 7.7 (high), vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N (network, low complexity, low privileges required, no user interaction, changed scope, high confidentiality impact, no integrity or availability impact)
Exploit: public exploit available
EPSS: 14.56% (percentile 96.2)
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (5 ranges)

Vendor       | Product      | Version range      | Fixed in
camaleon_cms | camaleon_cms | >= 0, < 2.8.1      | 2.8.1
camaleon_cms | camaleon_cms | 2.4.5.0 - 2.9.1    | (none listed)
owen2345     | camaleon_cms | 2.4.5.0 - 2.9.0    | (none listed)
tuzitio      | camaleon_cms | 2.4.5 - 2.9.0      | (none listed)
tuzitio      | camaleon_cms | >= 2.8.0, < 2.8.2  | 2.8.2

The three ranges without a fix version extend to 2.9.0/2.9.1 and come from the later bypass of the incomplete fix described under Detection & IOCs; the two ranges with a fix version are the original issue.

Detection & IOCs (extracted from sources)

Metasploit module path: auxiliary/gather/camaleon_download_private_file
  • Monitor HTTP requests to the download_private_file endpoint for directory-traversal sequences (e.g. '../', including URL-encoded and double-encoded forms) in the 'file' parameter. For the later bypass this matters specifically on deployments using the CamaleonCmsAwsUploader backend.
  • Any authenticated user (including low-privileged registered users) can exploit this vulnerability, so do not restrict detection scope to admin sessions.
  • A public Metasploit auxiliary module (auxiliary/gather/camaleon_download_private_file) and an Exploit-DB PoC (52531) exist for this CVE; expect automated exploitation attempts against Camaleon CMS instances.
  • The path-traversal bypass only affects deployments using the AWS S3 storage backend (CamaleonCmsAwsUploader). Deployments using the local uploader are protected by the existing valid_folder_path? check and are not vulnerable to this specific bypass.
  • The AWS-uploader and commit notes above describe a later bypass of the incomplete fix for CVE-2024-46987 (the CVE on this page). That bypass affects Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, so instances upgraded to 2.8.2 for the original issue remain in scope for it.
  • The Metasploit module targets Camaleon CMS versions <= 2.8.0 and 2.9.0 specifically (2.9.0 can only be reached through the bypass, since the original issue was fixed in 2.8.2); apply version scoping when triaging alerts.
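The log check described in the first bullet, as an added example that is not part of this page or of Camaleon CMS: a small Ruby scanner that pulls the 'file' parameter out of requests to the download_private_file endpoint, decodes it repeatedly so URL-encoded and double-encoded '../' are not missed, and flags traversal attempts. The log lines are constructed, and the request path /admin/media/download_private_file is an assumption used only to make the sample realistic; the matcher keys on the download_private_file suffix, which is what the page names. The `contained?` helper at the end is a generic containment check of the kind a fixed download handler needs, not Camaleon's own valid_folder_path?.

```ruby
require 'cgi'
require 'uri'

# Constructed sample access-log lines (combined log format); not real traffic.
# The endpoint path /admin/media/download_private_file is assumed for illustration.
SAMPLE_LOG = <<~LOG
  10.0.0.5 - - [18/Sep/2024:10:01:02 +0000] "GET /admin/media/download_private_file?file=uploads/report.pdf HTTP/1.1" 200 4321
  10.0.0.9 - - [18/Sep/2024:10:02:15 +0000] "GET /admin/media/download_private_file?file=../../../../etc/passwd HTTP/1.1" 200 1903
  10.0.0.9 - - [18/Sep/2024:10:02:40 +0000] "GET /admin/media/download_private_file?file=%2e%2e%2f%2e%2e%2fconfig%2fdatabase.yml HTTP/1.1" 200 512
  10.0.0.9 - - [18/Sep/2024:10:03:01 +0000] "GET /admin/media/download_private_file?file=..%252f..%252fconfig%252fsecrets.yml HTTP/1.1" 200 256
  10.0.0.7 - - [18/Sep/2024:10:04:00 +0000] "GET /admin/media/upload?file=../x HTTP/1.1" 200 100
LOG

# Client IP plus the request line of a combined-format entry.
REQUEST_RE = /^(?<ip>\S+) .*?"(?<method>[A-Z]+) (?<target>\S+) HTTP\/[\d.]+"/

# Percent-decode repeatedly so double-encoded payloads (..%252f) are caught.
def fully_decode(value, max_rounds = 3)
  max_rounds.times do
    decoded = CGI.unescape(value)
    return decoded if decoded == value
    value = decoded
  end
  value
end

# True if, after decoding, any path segment is ".." or the value is absolute.
def traversal?(value)
  decoded = fully_decode(value)
  decoded.start_with?('/', '\\') || decoded.split(%r{[\\/]+}).include?('..')
end

# The raw `file` parameter of a download_private_file request (one decode, as the
# server would see it), or nil when the request is for another endpoint.
def private_file_param(target)
  path, query = target.split('?', 2)
  return nil unless path.end_with?('/download_private_file')
  pair = URI.decode_www_form(query.to_s).find { |k, _| k == 'file' }
  pair && pair[1]
end

# One alert per request that hits the endpoint with a traversal payload.
def scan_log(text)
  text.each_line.filter_map do |line|
    m = REQUEST_RE.match(line) or next
    file = private_file_param(m[:target]) or next
    next unless traversal?(file)
    { ip: m[:ip], raw: file, decoded: fully_decode(file) }
  end
end

# Generic containment check (not the project's valid_folder_path?): the resolved
# path must stay inside base_dir. "~user" is rejected up front because
# File.expand_path would otherwise expand it to that user's home directory.
def contained?(base_dir, requested)
  return false if requested.start_with?('~')
  base = File.expand_path(base_dir)
  resolved = File.expand_path(requested, base)
  resolved == base || resolved.start_with?(base + File::SEPARATOR)
end

if __FILE__ == $PROGRAM_NAME
  scan_log(SAMPLE_LOG).each do |a|
    puts "ALERT #{a[:ip]} file=#{a[:raw].inspect} -> #{a[:decoded]}"
  end
end
```

Running it against the sample flags the three requests from 10.0.0.9 and ignores the benign download and the request to a different endpoint. Access logs cannot show which storage backend an instance uses, so the AWS-only scoping of the bypass has to come from version and configuration triage, not from the log match.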

CVSS provenance

NVD:  CVSS v3.1 7.7 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
GHSA: 7.7 HIGH
OSV:  7.7 HIGH