Security Advisory

CVE-2025-2304

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-14 12:34:19

Last updated 2025-03-17 07:45:14

Assigner tenable

State PUBLISHED

Description

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the updated_ajax method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

← Browse all CVEs View on cve.org ↗