Описание
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS
When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
EPSS
Процентиль: 24%
0.00081
Низкий
Дефекты
CWE-915
Связанные уязвимости
github
11 месяцев назад
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
EPSS
Процентиль: 24%
0.00081
Низкий
Дефекты
CWE-915