CVE-2025-2304

216.73.217.22

· Published 14/03/2025 13:15 · Modified 14/03/2025 13:15

Labels: CVE-2025-2304 2025-03-14 CVE-2025-2304 CWE-915 [email protected]

Essential information

Published: 14/03/2025 13:15
Modified: 14/03/2025 13:15
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
camaleon / camaleon cms	`cpe:2.3:a:camaleon:camaleon_cms::::::::`

CVE-2025-2304

Essential information

Description

NVD status

Affected products (CPE)

References