150 matches found
Camaleon CMS < 2.8.1 Arbitrary File Write to RCE
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a remote...
CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...
📄 Camaleon CMS 2.9.0 Path Traversal
Camaleon CMS version 2.9.0 suffers from a path traversal vulnerability. Exploit Title: Camaleon CMS v2.9.0 - Path Traversal Date: 2026-02-02 Exploit Author: Sakshi Velampudi CyberQuestor Vendor Homepage: https://github.com/owen2345/camaleon-cms Software Link:...
Metasploit Wrap-Up 04/25/2026
Check Method Visibility Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability but instead to determine if the target is vulnerable. Metasploit tries to be very conservative with classifying a target as “vulnerable”...
CVE-2026-1776
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
EUVD-2026-10361
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
GHSA-JW5G-F64P-6X78 Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation
Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation
Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
CVE-2026-1776 Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
CVE-2026-1776
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms
CVE-2024-46987 — Camaleon CMS Arbitrary Path Traversal Fo...
Exploit for CVE-2025-2304
CVE-2025-2304-Camaleon-C...
Exploit for CVE-2025-2304
CVE-2025-2304 - Camaleon CMS 2.9.0 - Privilege Escalation Expl...
Exploit for CVE-2025-2304
Exploit-for-CVE-2025-2304 usage: exploit.py -h --url URL --...
Exploit for Path Traversal in Tuzitio Camaleon_Cms
Exploit-for-CVE-2024-46987 Exploit for CVE-2024-46987 usage:...
Exploit for CVE-2025-2304
Camaleon CMS 2.9.0 – Authenticated Privilege Escalation Role...
Exploit for Path Traversal in Tuzitio Camaleon_Cms
CVE-2024-46987: Automated Path Traversal !Vulnerability Type...
Exploit for CVE-2025-2304
PoC: CVE-2025-2304 - Camaleon CMS Privilege Escalation Tec...
Exploit for CVE-2025-2304
CVE-2025-230...
Exploit for Path Traversal in Tuzitio Camaleon_Cms
CVE-2024-46987 - Camaleon CMS Authenticated Arbitrary File Rea...