Количество 2
Количество 2
CVE-2021-25972
In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.
GHSA-vx6p-q4gj-x6xx
Camaleon CMS vulnerable to Server-Side Request Forgery
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-25972 In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server. | CVSS3: 4.9 | 0% Низкий | больше 4 лет назад |
| GHSA-vx6p-q4gj-x6xx Camaleon CMS vulnerable to Server-Side Request Forgery | CVSS3: 4.9 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу