📦 Camaleon Cms

CVE-2024-46986 is an arbitrary file write vulnerability in Camaleon CMS that allows authenticated users to write files to any location on the web server. This can lead to remote code execution if atta...

Camaleon CMS v2.7.0 contains a Server-Side Template Injection vulnerability in the formats parameter that allows attackers to execute arbitrary code on the server. This affects all installations using...

Camaleon CMS versions 0.1.7 through 2.6.0 have an authentication flaw where user sessions remain active even after password changes. This allows previously logged-in users to maintain access to the ap...

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability where authenticated administrators can inject malicious scripts into post titles. When other users mouse over these titles, ...

A Cross-Site Scripting (XSS) vulnerability in Camaleon CMS v2.7.5 allows remote attackers to inject malicious scripts via the content group name field. This could enable attackers to steal session coo...