CVE-2021-25970

Summary

Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.

Affected Software

VendorProductVersion RangeStatus
camaleon_cmscamaleon_cms0.1.7 < unspecifiedaffected
camaleon_cmscamaleon_cmsunspecified <= 2.6.0affected

Weaknesses

  • CWE-613: CWE-613 Insufficient Session Expiration

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References