MAEN1-prog

2 exploits Active since Mar 2025
CVE-2025-2304 NOMISEC CRITICAL WORKING POC
Rubygems Camaleon Cms < 2.9.1 - Privilege Escalation
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
CVE-2025-2304 NOMISEC CRITICAL SUSPICIOUS
Rubygems Camaleon Cms < 2.9.1 - Privilege Escalation
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.