Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
A Privilege Escalation through a Mass Assignment exists in Camaleon CMSWhen a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
No PoCs from references.
- https://github.com/JoshuaMart/JoshuaMart
- https://github.com/fkie-cad/nvd-json-data-feeds