4 matches found
EUVD-2022-5071
Malicious code in bioql PyPI...
CVE-2021-25970
Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed...
Remote Code Execution
Camaleon CMS is vulnerable to Remote Code Execution. The vulnerability is due to insufficient file handling in the MediaController's upload method, allowing authenticated users to write arbitrary files to any location on the server, depending on filesystem permissions. This can potentially lead t...
CVE-2023-30145
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter...