Camaleon CMS Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability through mass assignment has been identified in Camaleon CMS. The issue arises in the 'updated_ajax' method of the UsersController, where permit! is called on the request parameters without an allow-list: permit! marks every submitted attribute as permitted, so the strong-parameters filtering that would normally drop unexpected fields never applies. As a result, an attacker can exploit this vulnerability by including the role attribute in the request, potentially allowing a user with limited privileges to gain administrative rights.
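The following added example (not Camaleon CMS's own code) models the pattern described above in plain Ruby: a profile update that permits every submitted key beside one that uses an explicit allow-list, plus a helper that surfaces the keys the allow-list rejected so an attempt to set role can be logged. The User struct, field names and helper names are hypothetical.

```ruby
# Constructed illustration of mass assignment with permit-all versus an allow-list.
# Stand-ins for ActionController::Parameters#permit! and #permit; no Rails needed.

User = Struct.new(:id, :email, :first_name, :role)

# Attributes a self-service profile update is allowed to change (hypothetical).
PROFILE_FIELDS = %w[email first_name].freeze

# Like permit(*keys): keep only allow-listed keys, drop everything else.
def permit(params, allowed)
  params.select { |k, _| allowed.include?(k.to_s) }
end

# Like permit!: every submitted key passes through unchanged.
def permit_all(params)
  params.dup
end

# Apply a permitted hash to the user, as update(permitted_params) would.
def assign(user, permitted)
  permitted.each do |k, v|
    user[k.to_sym] = v if user.members.include?(k.to_sym)
  end
  user
end

# Keys the request tried to set that the allow-list discarded.
# A rejected "role" from a non-admin session is a useful detection signal.
def rejected_keys(params, allowed)
  params.keys.map(&:to_s) - allowed
end

def update_profile(user, params, permit_everything: false)
  permitted = permit_everything ? permit_all(params) : permit(params, PROFILE_FIELDS)
  assign(user, permitted)
end

if __FILE__ == $0
  request = { "first_name" => "Eve", "role" => "admin" } # constructed request body
  low = User.new(7, "eve@example.com", "E", "client")
  puts update_profile(low.dup, request, permit_everything: true).role # admin
  puts update_profile(low.dup, request).role                          # client
  puts rejected_keys(request, PROFILE_FIELDS).inspect                 # ["role"]
end
```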

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users with limited rights to gain administrative access.

Remediation

Users are advised to upgrade to Camaleon CMS version 2.9.1 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.9
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.