CVE-2021-25971— Camaleon CMS - SVG File Upload Creates DoS for Media Upload Feature

CVSS 4.3 · Medium EPSS 0.28% · P51 Updated May 01, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-25971

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Camaleon CMS - SVG File Upload Creates DoS for Media Upload Feature

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

未捕获的异常

Source: NVD (National Vulnerability Database)

Vulnerability Title

CamaleonCMS 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

CamaleonCMS是CamaleonCMS团队的一套基于RubyonRails的高级动态内容管理系统（CMS）。 CamaleonCMS 存在安全漏洞，该漏洞源于在Camaleon CMS中，版本2.0.1到2.6.0容易出现未捕获异常。攻击者可利用该漏洞上传一个特制的svg文件时，应用程序的媒体上传功能就会永久崩溃。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
camaleon_cms	camaleon_cms	2.0.1 ~ unspecified	-

II. Public POCs for CVE-2021-25971

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-25971

请登录查看更多情报信息。

Same Patch Batch · camaleon_cms · 2021-10-20 · 4 CVEs total

CVE-2021-25970	8.8 HIGH	Camaleon CMS - Insufficient Session Expiration after Password Change
CVE-2021-25969	6.1 MEDIUM	Camaleon CMS - Stored Cross-Site Scripting (XSS) in Comments
CVE-2021-25972	4.9 MEDIUM	Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature

IV. Related Vulnerabilities

Same product: camaleon_cms

Same vendor: camaleon_cms

Same weakness: CWE-248

V. Comments for CVE-2021-25971

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-25971— Camaleon CMS - SVG File Upload Creates DoS for Media Upload Feature

I. Basic Information for CVE-2021-25971

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-25971

III. Intelligence Information for CVE-2021-25971

Same Patch Batch · camaleon_cms · 2021-10-20 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-25971

Leave a comment