VYPR
Moderate severityNVD Advisory· Published Oct 20, 2021· Updated Apr 30, 2025

Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature

CVE-2021-25972

Description

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
camaleon_cmsRubyGems
>= 2.1.2.0, < 2.6.0.12.6.0.1

Affected products

2
  • ghsa-coords
    Range: >= 2.1.2.0, < 2.6.0.1
  • camaleon_cms/camaleon_cmsv5
    Range: 2.1.2.0

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.