3 matches found
CVE-2024-46987
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file...
CVE-2024-46987
CVE-2024-46987 affects Camaleon CMS (Ruby on Rails). A path traversal flaw exists in the MediaController download_private_file endpoint, where the file parameter is not properly sanitized, allowing an authenticated user to read arbitrary server files (information disclosure). Affected versions ar...
CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...