CVE-2024-46986

CRITICAL NUCLEI

Camaleon CMS < 2.8.2 - Authenticated Arbitrary File Write via MediaController Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-46986. PoCs published by vidura2. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python script that exploits an arbitrary file upload vulnerability in Camaleon CMS (CVE-2024-46986), allowing attackers to upload malicious Ruby scripts for remote code execution (RCE) via reverse shell or command execution payloads.

Description

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Exploits (1)

nomisec WORKING POC 2 stars

by vidura2 · poc

https://github.com/vidura2/CVE-2024-46986

View Code ZIP pw:eip

This repository contains a Python script that exploits an arbitrary file upload vulnerability in Camaleon CMS (CVE-2024-46986), allowing attackers to upload malicious Ruby scripts for remote code execution (RCE) via reverse shell or command execution payloads.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Camaleon CMS

Auth required

Prerequisites: Valid user credentials (auth_token and _cms_session) · Python 3.x with requests library · Target URL and payload configuration

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Camaleon CMS < 2.8.1 Arbitrary File Write to RCE

CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: title:"Camaleon CMS"

FOFA: title="Camaleon CMS"

References (5)

Core 5

Core References

Exploit, Third Party Advisory x_refsource_confirm

https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5

Third Party Advisory x_refsource_misc

https://codeql.github.com/codeql-query-help/ruby/rb-path-injection

Issue Tracking x_refsource_misc

https://owasp.org/www-community/attacks/Path_Traversal

Various Sources x_refsource_misc

https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS

Patch x_refsource_misc

https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released

Scores

CVSS v3 9.9

EPSS 0.9229

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-22 CWE-74

Status published

Products (2)

rubygems/camaleon_cms 2.8.0 - 2.8.1RubyGems

tuzitio/camaleon_cms < 2.8.2

Published Sep 18, 2024

Tracked Since Feb 18, 2026