22 matches found
CVE-2026-2556
A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be...
CVE-2026-2557
CVE-2026-2557 affects cskefu up to 8.0.1. The vulnerability is in the Upload function of MediaController.java (package com/cskefu/cc/controller/resource/MediaController.java) where the file upload path allows cross-site scripting. The issue is triggered remotely and exploit code is public (PoC). ...
PT-2026-8343
A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be...
CVE-2025-10471
ZKEACMS 4.3 is affected by a server-side request forgery in the Proxy function of src/ZKEACMS/Controllers/MediaController.cs. Manipulating the url argument enables remote exploitation, and public exploits exist. Impact is SSRF with potential access to internal resources; CVSS specifics vary by so...
CVE-2025-4258
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted...
Remote Code Execution
Camaleon CMS is vulnerable to Remote Code Execution. The vulnerability is due to insufficient path validation in the MediaController class, allowing attackers, after taking over an administrator account, to delete arbitrary files or folders. Additionally, the cropurl action may allow arbitrary fi...
GHSA-3HP8-6J24-M5GM Duplicate Advisory: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7x4w-cj9r-h4v9. This link is maintained to preserve external references. Original Description The actions defined inside of the MediaController class do not check whether a given path is inside a certain path e....
Duplicate Advisory: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7x4w-cj9r-h4v9. This link is maintained to preserve external references. Original Description The actions defined inside of the MediaController class do not check whether a given path is inside a certain path e....
Remote Code Execution
Camaleon CMS is vulnerable to Remote Code Execution. The vulnerability is due to missing path validation in the MediaController class, allowing an attacker to delete arbitrary files or folders. Additionally, the cropurl action may allow arbitrary file writes by any authenticated user, though it...
CVE-2024-46987
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file...
CVE-2024-46987 Arbitrary path traversal in Camaleon CMS
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file...
CVE-2024-46987 Arbitrary path traversal in Camaleon CMS
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file...
CVE-2024-46987
CVE-2024-46987 affects Camaleon CMS (Ruby on Rails). A path traversal flaw exists in the MediaController download_private_file endpoint, where the file parameter is not properly sanitized, allowing an authenticated user to read arbitrary server files (information disclosure). Affected versions ar...
CVE-2024-46986
Camaleon CMS (Ruby on Rails) has an authenticated arbitrary file write vulnerability in the MediaController upload flow that lets an attacker write files to arbitrary server paths (depending on filesystem permissions). A crafted payload can place a Ruby file under config/initializers, potentially...
CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
The actions defined inside of the MediaController class do not check whether a given path is inside a certain path e.g. inside the media folder. If an attacker performed an account takeover of an administrator account See: GHSL-2024-184 they could delete arbitrary files or folders on the server...
GHSA-CP65-5M9R-VC2C Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file permissions. In the downloadprivatefile method: ruby def downloadprivatefile...
GHSA-WMJG-VQHV-Q5P5 Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...
PT-2024-32320 · Unknown · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Camaleon CMS versions prior to 2.8.2 Description: An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS...