Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.14 views

CVE-2026-1776

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

7.7CVSS5.8AI score0.1456EPSS
Exploits11References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 9:8 p.m.8 views

CVE-2026-1776

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

7.7CVSS5.8AI score0.1456EPSS
Exploits11References5Affected Software1
CVE
CVE
added 2026/03/09 9:8 p.m.111 views

CVE-2026-1776

Camaleon CMS CVE-2026-1776 affects versions 2.4.5.0–2.9.0 prior to commit f54a77e, with a path traversal vulnerability in the CamaleonCmsAwsUploader AWS S3 backend. Authenticated users can trigger download_private_file to bypass path validation (valid_folder_path?) and read arbitrary files on the...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.7 views

PT-2026-24112

Name of the Vulnerable Software and Affected Versions Camaleon CMS versions 2.4.5.0 through 2.9.0 Description Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, have a path traversal issue in the AWS S3 uploader implementation. Authenticated users can read arbitrary files from...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References13
Rows per page
Query Builder