Path traversal vulnerability in Chameleon Power products
Description
Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Path traversal in Chameleon Power framework 1.0 allows remote attackers to read arbitrary files via the getImage parameter.
Vulnerability
A path traversal vulnerability exists in Chameleon Power framework version 1.0 in the getImage parameter. This allows a remote attacker to read arbitrary files on the server, including sensitive configuration files [1].
Exploitation
The vulnerability is exploitable over the network without authentication. An attacker can send a crafted request to the vulnerable endpoint, manipulating the getImage parameter with path traversal sequences (e.g., ../) to access files outside the intended directory [1].
Impact
Successful exploitation leads to information disclosure (confidentiality impact). The attacker can obtain sensitive data such as configuration files, potentially revealing credentials or other secrets. There is no impact on integrity or availability.
Mitigation
As of the advisory publication date (November 22, 2023), no official fix or workaround has been made available [1]. Users are advised to monitor for updates from the vendor and restrict network access to the application if possible.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Chameleon Power/Chameleon Powerv5Range: v1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.