CVE-2024-46987 PoC — CamaleonCMS 信息泄露漏洞

Source

https://github.com/Goultarde/CVE-2024-46987

Associated Vulnerability

Title:CamaleonCMS 信息泄露漏洞 (CVE-2024-46987)
Description:CamaleonCMS是CamaleonCMS团队的一套基于RubyonRails的高级动态内容管理系统（CMS）。 CamaleonCMS 2.8.0版本存在信息泄露漏洞，该漏洞源于存在路径遍历漏洞，允许经过身份验证的用户下载服务器上的任何文件。

Description

This Python PoC exploits CVE-2024-46987, a Path Traversal bug in Camaleon CMS 2.8.0 < 2.8.2  (work on 2.9.0). It allows authenticated users to read sensitive server files via the MediaController. Intended for authorized security auditing and educational research only.

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!