CVE-2024-46986 — AI Deep Analysis Summary

🚨 **Essence**: A critical Arbitrary File Write vulnerability in Camaleon CMS.…

🛡️ **Root Cause**: CWE-74 (Path Traversal/Injection). The flaw lies in the `MediaController` upload method, which fails to sanitize file paths, allowing arbitrary file writes outside intended directories.

👥 **Affected**: **Camaleon CMS** versions **2.8.0** and likely earlier. Vendor: **owen2345**. Component: The core CMS file upload functionality.

🔓 **Attacker Capabilities**: With access, hackers can execute arbitrary commands via uploaded Ruby scripts.…

🔑 **Threshold**: **Medium**. Requires **Authenticated User** access (PR:L). However, the attack complexity is Low (AC:L), and no user interaction is needed (UI:N).

💣 **Public Exp?**: **YES**. Active PoCs exist on GitHub (e.g., `vidura2/CVE-2024-46986`) and Nuclei templates. Automated exploitation tools are available for immediate use.

🔍 **Self-Check**: Scan for Camaleon CMS instances. Use Nuclei templates (`CVE-2024-46986.yaml`) to test the `MediaController` upload endpoint. Check if file uploads allow path traversal sequences.

🩹 **Fix Status**: **Yes**. Version **2.8.1** has been released to address this. See GitHub Security Advisory GHSA-wmjg-vqhv-q5p5 for official patch details.

🚧 **No Patch?**: Restrict file upload permissions. Implement strict allowlists for file paths. Isolate the CMS in a container/sandbox. Disable unnecessary upload features if not needed.

⚡ **Urgency**: **CRITICAL**. CVSS Score is High (9.8). With public exploits and RCE potential, immediate patching to v2.8.1 or strict mitigation is required.