Server-Side Template Injection Vulnerability in Camaleon CMS by Camaleon
CVE-2023-30145

9.8CRITICAL

Key Information:

Vendor: Tuzitio
Status: Camaleon Cms
Vendor: CVE Published:; 26 May 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 58%

What is CVE-2023-30145?

Camaleon CMS v2.7.0 is affected by a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. This vulnerability allows an attacker to inject malicious templates into the application, potentially leading to unauthorized code execution and data exposure. Web applications using Camaleon CMS must implement necessary patches or workarounds to mitigate the risks associated with this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-30145
Created by paragbagul111

References

https://portswigger.net/research/server-side-template-inj...

https://book.hacktricks.xyz/pentesting-web/ssti-server-si...

https://drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8n...

EPSS Score

58% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2023
🟡
Public PoC available
May 25, 2023
👾
Exploit known to exist
May 25, 2023
Vulnerability Reserved
Apr 7, 2023

JSON

Tuzitio

Badges

What is CVE-2023-30145?

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V3.1

Timeline