Camaleon CMS < 2.8.1 Arbitrary File Write to RCE

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a remote...

CVE-2026-10715

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

EUVD-2026-36536

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

Exploit for CVE-2025-2304

CVE-2025-2304-POC PoC for CVE-2025-2304 — Camaleon CMS 2.9.0...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms

HTB Facts — Full Writeup Difficulty: Medium OS: Lin...

📄 Camaleon CMS 2.9.0 Path Traversal

Camaleon CMS version 2.9.0 suffers from a path traversal vulnerability. Exploit Title: Camaleon CMS v2.9.0 - Path Traversal Date: 2026-02-02 Exploit Author: Sakshi Velampudi CyberQuestor Vendor Homepage: https://github.com/owen2345/camaleon-cms Software Link:...

Camaleon CMS v2.9.0 - Path Traversal

Exploit Title: Camaleon CMS v2.9.0 - Path Traversal Date: 2026-02-02 Exploit Author: Sakshi Velampudi CyberQuestor Vendor Homepage: https://github.com/owen2345/camaleon-cms Software Link: https://github.com/owen2345/camaleon-cms/releases/tag/2.9.0 Version: = 2.9.0 Tested on: Linux CVE:...

Exploit for CVE-2025-2304

HackTheBox — Facts Machine Writeup !HackTheBoxhttps://img...

Metasploit Wrap-Up 04/25/2026

Check Method Visibility Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability but instead to determine if the target is vulnerable. Metasploit tries to be very conservative with classifying a target as “vulnerable”...

Camaleon CMS Directory Traversal CVE-2024-46987

Exploits CVE-2024-46987, an authenticated directory traversal vulnerability in Camaleon CMS versions use auxiliary/gather/camaleondownloadprivatefile msf auxiliarycamaleondownloadprivatefile show actions ...actions... msf auxiliarycamaleondownloadprivatefile set ACTION msf...

Camaleon CMS Vulnerable To Path Traversal Through AWS S3 Uploader Implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

CVE-2026-1776

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

GHSA-JW5G-F64P-6X78 Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

EUVD-2026-10362

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

EUVD-2026-10361

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

CVE-2026-1776

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

CVE-2026-1776

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...