Remote Code Execution
Camaleon CMS is vulnerable to Remote Code Execution. The vulnerability is due to insufficient path validation in the MediaController class, allowing attackers, after taking over an administrator account, to delete arbitrary files or folders. Additionally, the cropurl action may allow arbitrary fi...