I. Basic Information for CVE-2025-2304
Vulnerability Information


Vulnerability Title
Camaleon CMS Privilege Escalation
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-915
Source: NVD (National Vulnerability Database)
Vulnerability Title
Camaleon CMS Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
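Camaleon CMS is an advanced dynamic content management system (CMS) based on Ruby on Rails, developed by the Camaleon CMS team. Camaleon CMS contains a security vulnerability that stems from mass assignment, which may lead to privilege escalation.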
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
| --- | --- | --- | --- |
| owen2345 | camaleon-cms | - | - |
II. Public POCs for CVE-2025-2304
| # | POC Description | Source Link |
| --- | --- | --- |
| 1 | CVE-2025-2304 POC | https://github.com/whiteov3rflow/CVE-2025-2304-POC |
| 2 | None | https://github.com/d3vn0mi/cve-2025-2304-poc |
| 3 | Manual poc for CVE-2025-2304 | https://github.com/innocentx0/CVE-2025-2304-POC |
| 4 | Exploit for CVE-2025-2304 \| Camaleon CMS versions < 2.9.1 | https://github.com/the8frust/CVE-2025-2304 |
| 5 | CVE-2025-2304 POC - Camaleon CMS Privilege Escalation | https://github.com/AzureADTrent/CVE-2025-2304_POC |
| 6 | PoC for CVE-2025-2304 Privilege Escalation in the Camaleon CMS | https://github.com/lil0xplorer/CVE-2025-2304-PoC |
| 7 | Python script to exploit Privilege Escalation in Camaleon CMS. | https://github.com/predyy/CVE-2025-2304 |
| 8 | None | https://github.com/7acini/CVE-2025-2304-CamaleonCMS-PoC |
| 9 | Authenticated privilege escalation in Camaleon CMS v2.9.0 via improper parameter handling in the updated_ajax endpoint. | https://github.com/Alien0ne/CVE-2025-2304 |
| 10 | POC for CVE-2025-2304 | https://github.com/PwnManjaro/CVE-2025-2304 |
| 11 | Exploit for CVE-2025-2304 | https://github.com/sparrowhawk1113/Exploit-for-CVE-2025-2304 |
| 12 | This Python script exploits a critical mass assignment vulnerability in Camaleon CMS version 2.9.0, allowing any registered user to escalate their privileges to administrator. | https://github.com/CsuriBird/CVE-2025-2304 |
| 13 | 🛠️ Exploit CVE-2025-2304 in Camaleon CMS easily with this Python script for privilege escalation, tested on version 2.9.0. | https://github.com/MAEN1-prog/CVE-2025-2304 |
| 14 | 🚨 Automate the exploitation of the CVE-2025-2304 privilege escalation vulnerability in Camaleon CMS with this Python script. | https://github.com/MAEN1-prog/maen1-prog.github.io |
| 15 | Privilege escalation vulnerability in Camaleon CMS < 2.9.1. | https://github.com/estebanzarate/CVE-2025-2304-Camaleon-CMS-Mass-Assignment-Privilege-Escalation-PoC |