PT-2021-16896 · Unknown · Camaleon Cms

Published: 2021-10-20 · Updated: 2022-05-24 · CVE-2021-25972

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Camaleon CMS versions 2.1.2.0 through 2.6.0

Description: Server-Side Request Forgery (SSRF) in the media upload feature. The feature lets admin users fetch media files from external URLs but does not validate URLs that point to localhost or other internal servers, enabling an attacker with admin access to read files stored on the internal server.

Recommendations: For Camaleon CMS versions 2.1.2.0 through 2.6.0, as a temporary workaround, disable the media upload feature until a patch is available. Restrict access to the media upload module to minimize the risk of exploitation, and avoid using it to fetch files from external URLs until the issue is resolved. At the moment there is no information about a newer version that contains a fix for this vulnerability.
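The missing check described above, shown as an added example that is not code from Camaleon CMS or from this advisory: a Ruby URL validator (Camaleon CMS is a Rails application) that rejects fetch targets pointing at loopback, private, or link-local addresses, including hostnames that resolve to such addresses. The function names (validate_fetch_url, safe_fetch_url?), the injectable resolver parameter and the EXAMPLE_DNS table are assumptions made for this example; the DNS table is constructed so the code runs offline.

```ruby
require "uri"
require "ipaddr"
require "resolv"

# Address ranges a server-side media fetch must never reach.
# Constructed for this example; extend to match your own network.
BLOCKED_RANGES = %w[
  127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
  169.254.0.0/16 0.0.0.0/8 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

class UnsafeFetchUrl < StandardError; end

# Validates a user-supplied URL before the server fetches it.
# Returns the list of IPAddr objects the host maps to on success and
# raises UnsafeFetchUrl otherwise. The resolver is injectable (hypothetical
# parameter) so the check can be exercised without network access.
def validate_fetch_url(raw_url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(raw_url.to_s)
  scheme = uri.scheme.to_s.downcase
  raise UnsafeFetchUrl, "only http(s) URLs are allowed" unless %w[http https].include?(scheme)
  host = uri.hostname.to_s # hostname strips the brackets of an IPv6 literal
  raise UnsafeFetchUrl, "missing host" if host.empty?
  raise UnsafeFetchUrl, "credentials in URL are not allowed" if uri.userinfo
  if host.casecmp?("localhost") || host.end_with?(".localhost")
    raise UnsafeFetchUrl, "localhost is not allowed"
  end

  # A literal IP is checked directly; a name is resolved and every record is
  # checked, so a host with one public and one internal record is still rejected.
  addresses =
    begin
      [IPAddr.new(host)]
    rescue IPAddr::InvalidAddressError
      resolver.call(host).map { |a| IPAddr.new(a) }
    end
  raise UnsafeFetchUrl, "host does not resolve" if addresses.empty?

  addresses.each do |addr|
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 ranges apply to it.
    probe = addr.ipv4_mapped? ? addr.native : addr
    if BLOCKED_RANGES.any? { |range| range.include?(probe) }
      raise UnsafeFetchUrl, "#{host} resolves to internal address #{addr}"
    end
  end
  addresses
end

# Boolean wrapper suitable for a model validation or controller guard.
def safe_fetch_url?(raw_url, resolver: ->(host) { Resolv.getaddresses(host) })
  validate_fetch_url(raw_url, resolver: resolver)
  true
rescue UnsafeFetchUrl, URI::InvalidURIError
  false
end

# Constructed DNS table (documentation addresses only) so the demo runs offline.
EXAMPLE_DNS = {
  "cdn.example"    => ["203.0.113.10"],
  "mixed.example"  => ["203.0.113.10", "10.0.0.5"],
  "mapped.example" => ["::ffff:127.0.0.1"],
}.freeze
EXAMPLE_RESOLVER = ->(host) { EXAMPLE_DNS.fetch(host, []) }

if __FILE__ == $PROGRAM_NAME
  %w[https://cdn.example/logo.png http://127.0.0.1/ http://[::1]/
     http://mixed.example/a.png http://mapped.example/a.png file:///etc/passwd].each do |u|
    puts "#{u} -> #{safe_fetch_url?(u, resolver: EXAMPLE_RESOLVER) ? 'allowed' : 'blocked'}"
  end
end
```

Two design points follow from how the check is written: the fetch should connect to the address that was just validated rather than resolving the name a second time, and the check must be repeated on every redirect hop, since an HTTP client that follows Location headers can otherwise be steered to an internal address after the initial URL passed.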

Exploit: SSRF


Weakness Enumeration

Related Identifiers: CVE-2021-25972, GHSA-VX6P-Q4GJ-X6XX

Affected Products: Camaleon Cms