Lucene search
MendCVELIST:CVE-2021-25971HistoryOct 20, 2021 - 11:55 a.m.
CVE-2021-25971 Camaleon CMS - SVG File Upload Creates DoS for Media Upload Feature
2021-10-2011:55:17
CWE-248
Mend
www.cve.org
3
camaleon cms
svg file upload
dos
vulnerability
media upload
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
AI Score
4.8
Confidence
High
EPSS
0.001
Percentile
32.8%
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app’s media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file
CNA Affected
[
{
"product": "camaleon_cms",
"vendor": "camaleon_cms",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.0.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2021-25971
2021-10-20 12:15:07
Camaleon CMS vulnerable to Uncaught Exception
2022-05-24 19:18:05
veracode
veracode
Improper Error Handling
2021-10-21 06:02:16
rubygems
rubygems
Camaleon CMS vulnerable to Uncaught Exception
2022-05-23 21:00:00
prion
prion
Design/Logic Flaw
2021-10-20 12:15:00
cve
cve
CVE-2021-25971
2021-10-20 12:15:07
github
github
Camaleon CMS vulnerable to Uncaught Exception
2022-05-24 19:18:05
nvd
nvd
CVE-2021-25971
2021-10-20 12:15:07
cnvd
cnvd
CamaleonCMS Denial of Service Vulnerability
2021-10-24 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
AI Score
4.8
Confidence
High
EPSS
0.001
Percentile
32.8%
Related for CVELIST:CVE-2021-25971