15 matches found
CVE-2023-30145
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter...
Remote Code Execution (RCE)
Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Remote Code Execution RCE via the formats parameter. Remediation Upgrade camaleoncms to version 2.7.4 or higher...
GHSA-X487-866M-P8HR Server-Side Template Injection in Camaleon CMS
Camaleon CMS prior to 2.7.4 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter...
CVE-2023-30145
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter...
CVE-2023-30145
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter...
Sql injection
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter...
CVE-2023-30145
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter...
CVE-2023-30145
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter...
CamaleonCMS 代码注入漏洞
CamaleonCMS is an advanced dynamic content management system CMS based on RubyonRails by the CamaleonCMS team. A security vulnerability exists in CamaleonCMS version v2.7.0, which stems from a server-side template injection SSTI via the formats parameter...
PT-2023-22554 · Unknown · Camaleon Cms
Name of the Vulnerable Software and Affected Versions: Camaleon CMS versions 2.7.0 through 2.7.3 Description: The issue is related to a Server-Side Template Injection SSTI vulnerability. It occurs via the formats parameter. There is no information provided about the estimated number of potentiall...
Server-Side Template Injection in Camaleon CMS
Camaleon CMS prior to 2.7.4 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter...
CVE-2023-30145
Camaleon CMS is affected: versions below 2.7.0 contain a Server-Side Template Injection (SSTI) via the formats parameter in the admin media/upload flow. The root cause is SSTI in the template handling of the formats field, enabling potentially arbitrary code execution. Documented details include ...
Exploit for Code Injection in Tuzitio Camaleon_Cms
Description: Camaleon CMS v2.7.0 was discovered to contain a S...
Exploit for Code Injection in Tuzitio Camaleon_Cms
Description: Camaleon CMS v2.7.0 was discovered to contain a S...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...