CVE-2025-2304 - Camaleon CMS Privilege Escalation Vulnerability
CVE ID : CVE-2025-2304 Published : March 14, 2025, 1:15 p.m. | 29 minutes ago Description : A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2304
Published : March 14, 2025, 1:15 p.m. | 29 minutes ago
Description : A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : March 14, 2025, 1:15 p.m. | 29 minutes ago
Description : A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
