CVE-2023-30145

Server-Side Template Injection in Camaleon CMS in gem/camaleon_cms

Identifiers

CVE-2023-30145, GHSA-x487-866m-p8hr

Package Slug

gem/camaleon_cms

Vulnerability

Server-Side Template Injection in Camaleon CMS

Description

Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.

Affected Versions

All versions up to 2.7.0

Solution

Upgrade to version 2.7.1 or above.

Last Modified

2023-05-29

source