CVE-2021-25972 - Server-Side Request Forgery (SSRF) vulnerability in Tuzitio Camaleon CMS
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
Camaleon CMS versions 2.1.2.0 to 2.6.0 are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature. The feature allows admin users to fetch media files from external URLs but fails to validate URLs that reference localhost or other internal servers. This allows attackers to read files stored on the internal server.
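The missing check the summary describes, as an added Ruby example: a pre-fetch validator for a "fetch media from URL" feature that refuses targets resolving to loopback or internal address space. This is illustrative code written for this page, not Camaleon CMS's patch; the `resolver:` hook and the hostnames used in it are assumptions so the check can be exercised offline.

```ruby
require "uri"
require "ipaddr"
require "resolv"

# Address space an outbound media fetch must never reach: unspecified,
# loopback, RFC 1918, link-local, CGNAT, and their IPv6 counterparts.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }

def blocked_ip?(ip)
  addr = IPAddr.new(ip.to_s)
  addr = addr.native if addr.ipv4_mapped? # ::ffff:127.0.0.1 is still loopback
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
end

# Every A/AAAA answer for a host. Injectable (assumed hook, not a Camaleon
# API) so the check can run offline against a stub in tests.
DEFAULT_RESOLVER = ->(host) { Resolv.getaddresses(host) }

# Returns nil when the URL may be fetched, otherwise a symbol naming why not.
def media_url_rejection(url, resolver: DEFAULT_RESOLVER)
  begin
    uri = URI.parse(url.to_s)
  rescue URI::InvalidURIError
    return :unparseable
  end
  return :bad_scheme unless %w[http https].include?(uri.scheme)
  return :userinfo unless uri.userinfo.nil?
  host = uri.hostname.to_s # strips the [] around an IPv6 literal
  return :no_host if host.empty?
  # A literal IP needs no lookup; a name must resolve, and every answer is
  # checked so a mixed public/internal answer cannot slip through.
  addresses = begin
    [IPAddr.new(host)]
  rescue IPAddr::InvalidAddressError
    resolver.call(host)
  end
  return :unresolvable if addresses.empty?
  return :internal_address if addresses.any? { |a| blocked_ip?(a) }
  nil
end
```

The fetch that follows must connect to the address that was validated rather than resolving the name a second time, and must re-run the check on every redirect target, otherwise the validation can be bypassed between check and use.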
References
- https://github.com/owen2345/camaleon-cms/commit/5a252d537411fdd0127714d66c1d76069dc7e190
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25972