In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when…
Mend·CWE-248·Published 2021-10-20
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file
In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file.
In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file.
En Camaleon CMS, versiones 2.0.1 a 2.6.0 son vulnerables a un ataque de tipo Uncaught Exception. La función media upload de la aplicación es bloqueada permanentemente cuando un atacante con un acceso de bajo privilegio carga un archivo .svg especialmente diseñado
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.0 | 8.0 | 2.9 | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| 3.1 | Primary | cve.org | 4.3 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | Primary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | Primary | cve.org | 4.3 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | Secondary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | Secondary | GHSA | 4.3 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |