CVE-2026-1776— CAMALEON CMS 路径遍历漏洞

Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the application is configured to use the CamaleonCmsAwsUploader backend. Unlike the local uploader implementation, the AWS uploader does not validate file paths with valid_folder_path?, allowing directory traversal sequences to be supplied via the file parameter. As a result, any authenticated user, including low-privileged registered users, can access sensitive files such as /etc/passwd. This issue represents a bypass of the incomplete fix for CVE-2024-46987 and affects deployments using the AWS S3 storage backend.

N/A

对路径名的限制不恰当(路径遍历)

CAMALEON CMS 路径遍历漏洞

CAMALEON CMS是Owen Peredo Diaz个人开发者的一个动态高级内容管理系统。 Camaleon CMS 2.9.0及之前版本和f54a77e之前版本存在路径遍历漏洞，该漏洞源于AWS S3上传器实现中的路径遍历，可能导致经过身份验证的用户读取Web服务器文件系统中的任意文件。

N/A

N/A