VulnerableCode Package Details - pkg:gem/camaleon

Search for packages

Vulnerability	Summary	Fixed by
VCID-698a-rmdd-vqhs Aliases: CVE-2025-2304 GHSA-rp28-mvq3-wf8j	Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.	2.9.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-y14c-1pts-fqcw Aliases: CVE-2026-1776 GHSA-jw5g-f64p-6x78	Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the application is configured to use the CamaleonCmsAwsUploader backend. Unlike the local uploader implementation, the AWS uploader does not validate file paths with valid_folder_path?, allowing directory traversal sequences to be supplied via the file parameter. As a result, any authenticated user, including low-privileged registered users, can access sensitive files such as /etc/passwd. This issue represents a bypass of the incomplete fix for CVE-2024-46987 and affects deployments using the AWS S3 storage backend.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-698a-rmdd-vqhs
Aliases:
CVE-2025-2304
GHSA-rp28-mvq3-wf8j

Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

2.9.1
Affected by 1 other vulnerability.

VCID-y14c-1pts-fqcw
Aliases:
CVE-2026-1776
GHSA-jw5g-f64p-6x78

Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the application is configured to use the CamaleonCmsAwsUploader backend. Unlike the local uploader implementation, the AWS uploader does not validate file paths with valid_folder_path?, allowing directory traversal sequences to be supplied via the file parameter. As a result, any authenticated user, including low-privileged registered users, can access sensitive files such as /etc/passwd. This issue represents a bypass of the incomplete fix for CVE-2024-46987 and affects deployments using the AWS S3 storage backend.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-6xw2-ykvp-4qaw	Insufficient Session Expiration Camaleon CMS to doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.	CVE-2021-25970 GHSA-438x-2p9v-g8h9
VCID-9jsa-k6th-dubb	In Camaleon CMS to, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.	CVE-2021-25972 GHSA-vx6p-q4gj-x6xx
VCID-b2rx-y3hz-63dx	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In “Camaleon CMS” application to are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.	CVE-2021-25969 GHSA-x78v-4fvj-rg9j
VCID-jwkf-ess3-9kgr	Unchecked Error Condition Camaleon CMS is vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted `.svg` file	CVE-2021-25971 GHSA-r2w2-h6r8-3r53

Vulnerability

Summary

Aliases

VCID-6xw2-ykvp-4qaw

Insufficient Session Expiration Camaleon CMS to doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.

CVE-2021-25970
GHSA-438x-2p9v-g8h9

VCID-9jsa-k6th-dubb

In Camaleon CMS to, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.

CVE-2021-25972
GHSA-vx6p-q4gj-x6xx

VCID-b2rx-y3hz-63dx

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In “Camaleon CMS” application to are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.

CVE-2021-25969
GHSA-x78v-4fvj-rg9j

VCID-jwkf-ess3-9kgr

Unchecked Error Condition Camaleon CMS is vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted `.svg` file

CVE-2021-25971
GHSA-r2w2-h6r8-3r53

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T18:16:08.301687+00:00	Ruby Importer	Affected by	VCID-y14c-1pts-fqcw	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2026-1776.yml	38.6.0
2026-06-04T18:15:24.944502+00:00	Ruby Importer	Affected by	VCID-698a-rmdd-vqhs	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2025-2304.yml	38.6.0
2026-06-04T18:05:59.592241+00:00	GithubOSV Importer	Fixing	VCID-6xw2-ykvp-4qaw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-438x-2p9v-g8h9/GHSA-438x-2p9v-g8h9.json	38.6.0
2026-06-04T18:03:47.107168+00:00	GithubOSV Importer	Fixing	VCID-9jsa-k6th-dubb	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vx6p-q4gj-x6xx/GHSA-vx6p-q4gj-x6xx.json	38.6.0
2026-06-04T17:58:19.513733+00:00	GithubOSV Importer	Fixing	VCID-jwkf-ess3-9kgr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r2w2-h6r8-3r53/GHSA-r2w2-h6r8-3r53.json	38.6.0
2026-06-04T17:54:41.294660+00:00	GithubOSV Importer	Fixing	VCID-b2rx-y3hz-63dx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x78v-4fvj-rg9j/GHSA-x78v-4fvj-rg9j.json	38.6.0
2026-06-02T04:40:16.028853+00:00	GitLab Importer	Fixing	VCID-6xw2-ykvp-4qaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2021-25970.yml	38.6.0
2026-06-02T04:40:15.986490+00:00	GitLab Importer	Fixing	VCID-jwkf-ess3-9kgr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2021-25971.yml	38.6.0
2026-06-02T04:40:15.867147+00:00	GitLab Importer	Fixing	VCID-b2rx-y3hz-63dx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2021-25969.yml	38.6.0
2026-06-02T04:40:15.823029+00:00	GitLab Importer	Fixing	VCID-9jsa-k6th-dubb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2021-25972.yml	38.6.0