PT-2024-40173 · Unknown · Camaleon Cms

Published

2024-09-18

·

Updated

2024-09-18

CVSS v4.0

8.6

High

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Camaleon CMS (affected versions not specified)
Description: The issue is a path traversal vulnerability in the MediaController class. An attacker who has taken over an administrator account (hence PR:H in the vector) can delete arbitrary files or folders on the server hosting Camaleon CMS. The folder parameter of the actions method is passed to the delete file method of the CamaleonCmsLocalUploader class without path validation, so a value containing sequences such as ../ resolves to a location outside the intended media folder and that location is deleted. The estimated number of potentially affected installations is not provided.
Recommendations: To resolve the issue, normalize every file path built from untrusted input before using it and check that the normalized result still lies inside the intended directory. Additionally, reject untrusted input containing sequences such as .. when it is used to build paths. As a temporary workaround, restrict access to the delete file method of the CamaleonCmsLocalUploader class to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
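The pattern the recommendations describe, shown as an added Ruby example that is not Camaleon CMS code: unsafe_target reproduces the flawed join of a media root with an untrusted folder name, and safe_target applies the two recommended checks (reject any .. segment, then normalize and confirm the result is still under the root) plus a symlink re-check via File.realpath for paths that exist, since lexical normalization alone does not see through a symlink planted under the media folder. The function and variable names (unsafe_target, safe_target, delete_media, demo) and the sample directory layout are assumptions for illustration.

```ruby
require "fileutils"
require "tmpdir"

# Flawed pattern (hypothetical stand-in, not the project's code): the untrusted
# folder value is joined under the media root with no check on where it lands.
def unsafe_target(media_root, folder)
  File.join(media_root, folder)
end

# True when candidate is strictly inside root (root itself is never a valid target).
def inside?(root, candidate)
  candidate.start_with?(root + File::SEPARATOR)
end

# Hardened resolution. Returns the absolute path to act on, or nil if the
# input escapes the media root by any of the checked routes.
def safe_target(media_root, folder)
  folder = folder.to_s
  return nil if folder.empty?

  # 1. Reject ".." segments outright, as the advisory recommends.
  return nil if folder.split(%r{[\\/]+}).include?("..")

  # 2. Normalize (absolute_path collapses "." and "..", honours absolute input,
  #    and unlike expand_path does not expand "~") and require containment.
  root = File.absolute_path(media_root)
  candidate = File.absolute_path(folder, root)
  return nil unless inside?(root, candidate)

  # 3. For paths that exist, follow symlinks and re-check the physical location.
  if File.exist?(candidate)
    return nil unless inside?(File.realpath(root), File.realpath(candidate))
  end
  candidate
end

# Delete helper that only acts on a validated target. Returns true on deletion.
def delete_media(media_root, folder)
  target = safe_target(media_root, folder)
  return false if target.nil? || !File.exist?(target)
  FileUtils.rm_rf(target)
  true
end

# Constructed scenario in a temp directory: a media root, a secret file next to
# it, and a symlink inside the media root that points back outside it.
def demo
  Dir.mktmpdir do |base|
    media = File.join(base, "media")
    FileUtils.mkdir_p(File.join(media, "uploads"))
    secret = File.join(base, "secret.txt")
    File.write(secret, "not a media file")
    File.symlink(base, File.join(media, "link"))

    results = {}
    # The flawed join lets "../secret.txt" reach the sibling file and delete it.
    FileUtils.rm_rf(unsafe_target(media, "../secret.txt"))
    results[:unsafe_deletes_outside] = !File.exist?(secret)

    File.write(secret, "restored")
    results[:safe_blocks_traversal] = !delete_media(media, "../secret.txt") && File.exist?(secret)
    results[:safe_blocks_symlink]   = !delete_media(media, "link/secret.txt") && File.exist?(secret)
    results[:safe_allows_inside]    = delete_media(media, "uploads") && !File.exist?(File.join(media, "uploads"))
    results
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |check, ok| puts "#{check}: #{ok}" }
end
```

The lexical check in step 1 is what the advisory asks for, but step 2 is the one that actually decides: it also catches absolute input such as /etc/passwd, which contains no .. at all. Step 3 matters when the attacker can already write under the media folder (an administrator can), because a symlink there survives both lexical checks.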

Path traversal

Weakness Enumeration

Related Identifiers

GHSA-7X4W-CJ9R-H4V9

Affected Products

Camaleon Cms