icon

We found results for “

CVE-2021-25971

Date: October 20, 2021

Overview

In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file

Details

Camaleon CMS’s Media upload feature crashes permanently when an attacker with low privilege access uploads an .svg file

PoC Details

In a private window, create a sample account. Go to Profile, Change Photo and upload a crafted SVG file with contents such as given below.
Now in a normal window, login as an administrator user. Go to the Media tab on the right. We can see a crash which is permanent and no user can now upload any image nor change their picture.

PoC Code

<svg xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink">
</svg>

Affected Environments

Camaleon CMS versions 2.0.1 to 2.6.0

Prevention

Update to camaleon_cms version 2.6.0.1

Language: Ruby

Good to know:

icon

Uncaught Exception

CWE-248
icon

Upgrade Version

Upgrade to version camaleon_cms - 2.6.0.1

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Additional information: