CVE-2021-25972

Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature

Severity Score

4.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.

En Camaleon CMS, versiones 2.1.2.0 a 2.6.0, son vulnerables a un ataque de tipo Server-Side Request Forgery (SSRF) en la función media upload, que permite a usuarios administradores obtener archivos de medios desde URLs externas, pero no comprueba las URLs que hacen referencia a localhost u otros servidores internos. Esto permite a atacantes leer archivos almacenados en el servidor interno

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-22 CVE Reserved
2021-10-20 CVE Published
2023-05-13 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-918: Server-Side Request Forgery (SSRF)

CAPEC

References (2)

URL	Tag	Source
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25972	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/owen2345/camaleon-cms/commit/5a252d537411fdd0127714d66c1d76069dc7e190	2021-10-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Tuzitio Search vendor "Tuzitio"		Camaleon Cms Search vendor "Tuzitio" for product "Camaleon Cms"				>= 2.1.2.0 <= 2.6.0 Search vendor "Tuzitio" for product "Camaleon Cms" and version " >= 2.1.2.0 <= 2.6.0"		-		Affected