CVE-2025-2304
14.03.2025, 13:15
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit!method, which allows all parameters to pass through without any filtering.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.