Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read
Vulnerability Description
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the application is configured to use the CamaleonCmsAwsUploader backend. Unlike the local uploader implementation, the AWS uploader does not validate file paths with valid_folder_path?, allowing directory traversal sequences to be supplied via the file parameter. As a result, any authenticated user, including low-privileged registered users, can access sensitive files such as /etc/passwd. This issue represents a bypass of the incomplete fix for CVE-2024-46987 and affects deployments using the AWS S3 storage backend.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
CAMALEON CMS 路径遍历漏洞
Vulnerability Description
CAMALEON CMS是Owen Peredo Diaz个人开发者的一个动态高级内容管理系统。 Camaleon CMS 2.9.0及之前版本和f54a77e之前版本存在路径遍历漏洞,该漏洞源于AWS S3上传器实现中的路径遍历,可能导致经过身份验证的用户读取Web服务器文件系统中的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A