Lucene search
K

7 matches found

EUVD
EUVD
added 2026/03/10 9:31 a.m.4 views

EUVD-2026-10361

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

7.7CVSS5.8AI score0.1456EPSS
Exploits11References5
Github Security Blog
Github Security Blog
added 2026/03/10 9:31 a.m.15 views

Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/03/10 7:38 a.m.8 views

CVE-2026-1776

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6.5CVSS0.00732EPSS
Exploits0References4
RubySec
RubySec
added 2026/03/10 12:0 a.m.58 views

Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6.5CVSS5.7AI score0.00732EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 9:8 p.m.115 views

CVE-2026-1776

Camaleon CMS CVE-2026-1776 affects versions 2.4.5.0–2.9.0 prior to commit f54a77e, with a path traversal vulnerability in the CamaleonCmsAwsUploader AWS S3 backend. Authenticated users can trigger download_private_file to bypass path validation (valid_folder_path?) and read arbitrary files on the...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/02/22 2:26 p.m.375 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms

CVE-2024-46987 — Camaleon CMS Arbitrary Path Traversal Fo...

7.7CVSS5.7AI score0.1456EPSS
Exploits11
Snyk
Snyk
added 2024/09/18 3:46 p.m.8 views

Path Traversal

Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Path Traversal via the downloadprivatefile method. An attacker can access sensitive files on the server by manipulati...

7.7CVSS5.4AI score0.1456EPSS
Exploits11References2
Rows per page
Query Builder