CVE-2021-25971

Summary

In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file

Affected Software

VendorProductVersion RangeStatus
camaleon_cmscamaleon_cms2.0.1 < unspecifiedaffected
camaleon_cmscamaleon_cmsunspecified <= 2.6.0affected

Weaknesses

  • CWE-248: CWE-248 Uncaught Exception

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References