Lucene search
GoogleOSV:GHSA-VX6P-Q4GJ-X6XXHistoryMay 24, 2022 - 7:18 p.m.
Camaleon CMS vulnerable to Server-Side Request Forgery
2022-05-2419:18:04
Google
osv.dev
7
camaleon cms
ssrf
vulnerability
media upload
admin users
external urls
internal servers
EPSS
0.001
Percentile
27.0%
In Camaleon CMS, versions 2.1.2.0 through 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.
References
github.com/owen2345/camaleon-cms
github.com/owen2345/camaleon-cms/commit/5a252d537411fdd0127714d66c1d76069dc7e190
github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25972.yml
nvd.nist.gov/vuln/detail/CVE-2021-25972
www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25972
Related
cve
cve
CVE-2021-25972
2021-10-20 12:15:07
rubygems
rubygems
Camaleon CMS vulnerable to Server-Side Request Forgery
2022-05-23 21:00:00
github
github
Camaleon CMS vulnerable to Server-Side Request Forgery
2022-05-24 19:18:04
prion
prion
Server side request forgery (ssrf)
2021-10-20 12:15:00
cvelist
cvelist
osv
osv
CVE-2021-25972
2021-10-20 12:15:07
cnvd
cnvd
CamaleonCMS server-side request forgery vulnerability
2021-10-24 00:00:00
nvd
nvd
CVE-2021-25972
2021-10-20 12:15:07