Camaleon Cms vulnerabilities
11 known vulnerabilities affecting camaleon_cms/camaleon_cms.
Total CVEs
11
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2024-46986P1HIGHPoC≥ 2.8.0, < 2.8.12024-09-18
CVE-2024-46986 [HIGH] CWE-22 Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an
ghsaosv
CVE-2023-30145P2CRITICALPoC≥ 0, < 2.7.42023-05-26
CVE-2023-30145 [CRITICAL] CWE-94 Server-Side Template Injection in Camaleon CMS
Server-Side Template Injection in Camaleon CMS
Camaleon CMS prior to 2.7.4 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the `formats` parameter.
ghsaosv
CVE-2024-46987P2HIGHPoC≥ 0, < 2.8.12024-09-18
CVE-2024-46987 [HIGH] CWE-200 Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions).
In the [download_private_file](https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92
ghsaosv
CVE-2025-2304P3CRITICAL≥ 0, < 2.9.12025-03-14
CVE-2025-2304 [CRITICAL] CWE-915 Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS
When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
ghsaosv
CVE-2026-1776P3HIGHCVSS 7.7≥ 2.4.5.0, ≤ 2.9.12026-03-10
CVE-2026-1776 [HIGH] CWE-22 Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation
Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation
Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the app
ghsaosv
CVE-2021-25970P3HIGHCVSS 8.8≥ 0.1.7, < unspecified≥ unspecified, ≤ 2.6.02021-10-20
CVE-2021-25970 [HIGH] CWE-613 CVE-2021-25970: Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin
Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.
ghsanvdosv
CVE-2026-10715P4MEDIUMCVSS 5.1v2.9.22026-06-12
CVE-2026-10715 [MEDIUM] CWE-862 CVE-2026-10715: Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autos
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type//drafts and overwrite the draft associated with another user's post.
nvd
CVE-2021-25969P4MEDIUMCVSS 6.1≥ 0.0.1, < unspecified≥ unspecified, ≤ 2.6.02021-10-20
CVE-2021-25969 [MEDIUM] CWE-79 CVE-2021-25969: In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an un
In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.
ghsanvdosv
CVE-2021-25972P4MEDIUMCVSS 4.9≥ 2.1.2.0, < unspecified≥ unspecified, ≤ 2.6.02021-10-20
CVE-2021-25972 [MEDIUM] CWE-918 CVE-2021-25972: In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in
In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.
ghsanvdosv
CVE-2021-25971P4MEDIUMCVSS 4.3≥ 2.0.1, < unspecified≥ unspecified, ≤ 2.6.02021-10-20
CVE-2021-25971 [MEDIUM] CWE-248 CVE-2021-25971: In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media up
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file
ghsanvdosv
CVE-2024-48652P4MEDIUM≥ 0, ≤ 2.7.52024-10-23
CVE-2024-48652 [MEDIUM] CWE-79 camaleon_cms affected by cross site scripting
camaleon_cms affected by cross site scripting
Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.
ghsaosv