Количество 2
Количество 2
CVE-2025-2304
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
GHSA-rp28-mvq3-wf8j
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-2304 A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering. | 0% Низкий | 11 месяцев назад | |
| GHSA-rp28-mvq3-wf8j Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу