Vulnerabilities

CVE-2025-2304

by Fred · 14/03/2025

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS

When a user wishes to change his password, the ‘updated_ajax’ method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

More information : https://github.com/owen2345/camaleon-cms

Similar

Tags: Cybersecurity Alert