GoogleOSV:GHSA-X487-866M-P8HRServer-Side Template Injection in Camaleon CMS
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.016 Low
EPSS
Percentile
87.6%
Camaleon CMS prior to 2.7.4 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
References
packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html
book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link
github.com/owen2345/camaleon-cms
github.com/owen2345/camaleon-cms/commit/4485788c544eb1aae52ca613bd9626129e3df6ee
github.com/owen2345/camaleon-cms/issues/1052
github.com/owen2345/camaleon-cms/releases/tag/2.7.4
github.com/paragbagul111/CVE-2023-30145
github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2023-30145.yml
nvd.nist.gov/vuln/detail/CVE-2023-30145
portswigger.net/research/server-side-template-injection
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.016 Low
EPSS
Percentile
87.6%