CVE-2025-2304
Description
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
Is your site exposed to CVE-2025-2304?
Run a free security scan — no signup, results in seconds.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-2304? +
How do I check if I'm vulnerable to CVE-2025-2304? +
Related Vulnerabilities
Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. …
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable …
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity …
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or …
c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose …
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, …