3 matches found
CVE-2024-46987
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file...
CVE-2024-46987
CVE-2024-46987 affects Camaleon CMS (Ruby on Rails). A path traversal flaw exists in the MediaController download_private_file endpoint, where the file parameter is not properly sanitized, allowing an authenticated user to read arbitrary server files (information disclosure). Affected versions ar...
CVE-2024-46987 Arbitrary path traversal in Camaleon CMS
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file...