GoogleOSV:GHSA-X487-866M-P8HRServer-Side Template Injection in Camaleon CMS
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
86.8%
Camaleon CMS prior to 2.7.4 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
References
packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html
book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link
github.com/owen2345/camaleon-cms
github.com/owen2345/camaleon-cms/commit/4485788c544eb1aae52ca613bd9626129e3df6ee
github.com/owen2345/camaleon-cms/issues/1052
github.com/owen2345/camaleon-cms/releases/tag/2.7.4
github.com/paragbagul111/CVE-2023-30145
github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2023-30145.yml
nvd.nist.gov/vuln/detail/CVE-2023-30145
portswigger.net/research/server-side-template-injection
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
86.8%