CVE-2023-30145

Camaleon CMS version 2.7.0, a Ruby on Rails content management system described as an alternative to WordPress [2], is vulnerable to Server-Side Template Injection (SSTI) through the formats parameter [3]. Template injection occurs when user input is unsafely embedded into a template engine, and unlike cross-site scripting (XSS), it can be exploited to attack the server directly [1]. The reference advisory notes that this flaw is present in the formats parameter, though specific technical details of the injection point are not publicly disclosed beyond the CVE description [3].

The formats parameter is likely processed by a template engine (such as ERB or similar, given the Rails framework). An attacker sends a crafted payload embedded in the formats value, which is then interpreted as template code. Although the official description does not specify authentication requirements, CMS template injection features are often exposed to unauthenticated users (e.g., in default theme settings or plugin configuration). The vulnerability can be exploited without authentication if the parameter is accessible to unauthenticated visitors, which is a common scenario in such CMS platforms [1].

Successful exploitation of this SSTI allows the attacker to execute arbitrary code on the server hosting the Camaleon CMS instance. This can lead to full compromise of the CMS, including data theft, modification or deletion of content, installation of backdoors, and further lateral movement within the hosting environment. The impact is rated as critical because it combines a high CVSS score with the potential for unauthenticated remote code execution [3].

As of the publication date, Camaleon CMS version 2.7.0 is the affected version, and users are strongly advised to apply any available patch or update. The Ruby Advisory Database entry for this CVE indicates that a fix has been committed to the development branch [4]. While a proof-of-concept exploit has been publicly released as a Packet Storm advisory [3], there is no evidence of active exploitation in the wild. Mitigation involves updating to a patched version or restricting access to the vulnerable parameter until an upgrade can be applied.