CVE-2025-2304
Severity: CRITICAL
Camaleon CMS < 2.9.1 - Privilege Escalation via Mass Assignment in UsersController
Title source: LLM
Exploitation Summary
EIP tracks 20 public exploits for CVE-2025-2304. PoCs published by predyy, XiaomingX, whiteov3rflow.
AI-analyzed exploit summary: This Python script exploits a privilege escalation vulnerability in Camaleon CMS by manipulating the password change form to elevate a user's role to admin. It automates login, version checking, and form submission to trigger the vulnerability.
Description
A privilege escalation through mass assignment exists in Camaleon CMS before 2.9.1. When a user wishes to change their password, the `updated_ajax` method of the UsersController is called. The vulnerability stems from the use of the dangerous Rails `permit!` method, which marks every submitted parameter as permitted instead of whitelisting the expected fields, so the whole `password` hash is handed to the model without filtering. Any authenticated user (low privilege suffices, hence PR:L in the CVSS vector) can therefore add an extra key such as `password[role]=admin` to an otherwise ordinary password change request and have the role attribute written alongside the new password.
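The following is an added example, not Camaleon CMS code or any of the listed PoCs: it re-implements Rack-style nested parameter parsing and a minimal stand-in for Rails strong parameters so the `permit!` versus `permit(...)` difference can be run without Rails. The `User` class, its attribute list, and the function names are assumptions made for illustration; the `password[role]=admin` parameter and the `updated_ajax`/`permit!` pattern come from the description above.

```ruby
require "uri"

# Constructed example (not Camaleon CMS code): parse a URL-encoded body such as
# "password[password]=x&password[role]=admin" into a nested hash the way Rack
# does for one level of bracket nesting, which is all this form uses.
def parse_nested_params(body)
  params = {}
  URI.decode_www_form(body).each do |key, value|
    if (m = key.match(/\A([^\[\]]+)\[([^\[\]]+)\]\z/))
      (params[m[1]] ||= {})[m[2]] = value
    else
      params[key] = value
    end
  end
  params
end

# Assumed model: any key in the hash passed to #update that names a known
# attribute gets written. This is what mass assignment means in practice.
class User
  ATTRS = %w[username password password_confirmation role].freeze
  attr_reader :attributes

  def initialize(attrs)
    @attributes = attrs.dup
  end

  def update(attrs)
    attrs.each { |k, v| @attributes[k] = v if ATTRS.include?(k) }
    self
  end

  def role
    @attributes["role"]
  end
end

# Stand-in for ActionController::Parameters with only the two calls that matter.
class Params
  def initialize(hash)
    @hash = hash
  end

  def require(key)
    Params.new(@hash.fetch(key))
  end

  # Vulnerable: permit! lets every submitted key through, including "role".
  def permit!
    @hash
  end

  # Hardened: only the whitelisted keys survive; "role" is silently dropped.
  def permit(*keys)
    @hash.slice(*keys.map(&:to_s))
  end
end

# Equivalent of the vulnerable controller path: require(:password).permit!
def vulnerable_update(user, body)
  params = Params.new(parse_nested_params(body))
  user.update(params.require("password").permit!)
end

# Equivalent of the fixed controller path: an explicit whitelist.
def hardened_update(user, body)
  params = Params.new(parse_nested_params(body))
  user.update(params.require("password").permit(:password, :password_confirmation))
end

if __FILE__ == $0
  # Constructed request body: a normal password change with the extra role key.
  body = "password[password]=NewPass123&password[password_confirmation]=NewPass123&password[role]=admin"
  puts "permit!  -> role=#{vulnerable_update(User.new('username' => 'alice', 'role' => 'client'), body).role}"
  puts "permit() -> role=#{hardened_update(User.new('username' => 'alice', 'role' => 'client'), body).role}"
end
```

The fix is purely a strong-parameters change: enumerate the fields the password form is allowed to set, and never call `permit!` on user-controlled input in an action that updates a record with security-relevant columns.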
Exploits (20)
This Python script exploits a privilege escalation vulnerability in Camaleon CMS by manipulating the password change form to elevate a user's role to admin. It automates login, version checking, and form submission to trigger the vulnerability.
The repository contains a functional SQL injection exploit for CVE-2025-10042 targeting WordPress Quiz Maker plugin versions <= 6.7.0.56. The exploit uses time-based blind SQLi to extract admin credentials and password hashes.
This PoC exploits a mass assignment vulnerability in Camaleon CMS < 2.9.1, allowing authenticated users to escalate privileges to admin by injecting a `password[role]=admin` parameter during password change.
This is a functional PoC for CVE-2025-2304, a mass assignment vulnerability in Camaleon CMS allowing privilege escalation from low-privileged users to administrators via parameter injection.
This repository contains a Python PoC for CVE-2025-2304, an authenticated privilege escalation vulnerability in Camaleon CMS 2.9.0. The exploit abuses mass-assignment in the `updated_ajax` endpoint to escalate a user's role to admin and optionally extract S3 configuration.
The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.
This Python script exploits a mass assignment vulnerability in Camaleon CMS 2.9.0, allowing privilege escalation from a regular user to administrator by manipulating the `role` parameter in the `updated_ajax` endpoint.
This PoC exploits a privilege escalation vulnerability in Camaleon CMS by injecting a role parameter into the password reset function, allowing an authenticated user to escalate their privileges to administrator.
This repository contains a functional Python exploit for CVE-2025-2304, a mass assignment vulnerability in Camaleon CMS < 2.9.1. The exploit automates privilege escalation by manipulating the `role` parameter in password change requests.
This is a detailed technical writeup for HackTheBox's 'Facts' machine, covering an exploit chain involving CVE-2025-2304 (Camaleon CMS mass assignment) leading to privilege escalation via S3 credential leak and sudo misconfiguration. It includes step-by-step technical analysis, code snippets, and tool usage.
The repository contains only a README with vague references to CVE-2025-2304 and an exploit chain involving AWS S3, SSH keys, and Facter PrivEsc, but no actual exploit code or technical details. It appears to be a placeholder or lure.
The repository contains a functional Python exploit for CVE-2025-2304, which leverages a mass assignment vulnerability in Camaleon CMS's `updated_ajax` endpoint to escalate user privileges to admin by injecting `password[role]=admin` during a password change request.
This repository contains a Python-based exploit for CVE-2025-2304, targeting a privilege escalation vulnerability in Camaleon CMS versions prior to 2.9.1. The exploit automates authentication, version detection, and payload delivery to escalate privileges.
The repository lacks actual exploit code and instead directs users to an external download link for the script, which is a common tactic for distributing malware or fake exploits. The README is vague and lacks technical details about the vulnerability.
This exploit targets a privilege escalation vulnerability in Camaleon CMS due to unsafe mass assignment in the UsersController. It allows an authenticated user to modify restricted attributes (e.g., role) via the updated_ajax method to gain admin privileges.
This PoC exploits CVE-2025-2304 by leveraging the privilege escalation vulnerability in Camaleon CMS. It authenticates as a user, extracts CSRF tokens, and sends a crafted PATCH request to escalate the user's role to admin.
This PoC exploits a mass assignment vulnerability in Camaleon CMS (< 2.9.1) via the `updated_ajax` endpoint, allowing privilege escalation by injecting a `role` parameter into the `password` scope during a profile update.
This PoC exploits a mass assignment vulnerability in Camaleon CMS (CVE-2025-2304) to escalate user privileges to admin by injecting a 'password[role]' parameter during a password update request. It authenticates, retrieves CSRF tokens, and sends a crafted request to the vulnerable endpoint.
This exploit targets a mass assignment vulnerability in Camaleon CMS < 2.9.1, allowing privilege escalation from a low-privileged user to administrator by manipulating the password update endpoint.
This repository provides a manual proof-of-concept for CVE-2025-2304, detailing steps to exploit a privilege escalation vulnerability in Camaleon CMS version 2.9.0 by injecting a parameter into a password change request.
Scores
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H