Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-25971
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Camaleon CMS - SVG File Upload Creates DoS for Media Upload Feature
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
未捕获的异常
Source: NVD (National Vulnerability Database)
Vulnerability Title
CamaleonCMS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CamaleonCMS是CamaleonCMS团队的一套基于RubyonRails的高级动态内容管理系统(CMS)。 CamaleonCMS 存在安全漏洞,该漏洞源于在Camaleon CMS中,版本2.0.1到2.6.0容易出现未捕获异常。攻击者可利用该漏洞上传一个特制的svg文件时,应用程序的媒体上传功能就会永久崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
camaleon_cmscamaleon_cms 2.0.1 ~ unspecified -
II. Public POCs for CVE-2021-25971
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-25971
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: camaleon_cms
Same vendor: camaleon_cms
Same weakness: CWE-248
V. Comments for CVE-2021-25971

No comments yet

Leave a comment