2025-03-14 12:34:19
tenable
PUBLISHED
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the updated_ajax method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.