A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
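The difference between permit! and an explicit allow-list, as an added example that is not Camaleon CMS code. Params is a simplified stand-in for Rails' ActionController::Parameters, and the User class, the role attribute and the request body are constructed for illustration.

```ruby
# Simplified stand-in for ActionController::Parameters (assumption: no Rails required).
class Params
  def initialize(hash)
    @hash = hash.transform_keys(&:to_s)
  end

  # Mirrors Rails permit!: every submitted key is treated as safe.
  def permit!
    @hash.dup
  end

  # Mirrors Rails permit(*keys): only allow-listed keys survive.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    @hash.select { |k, _| allowed.include?(k) }
  end
end

# Hypothetical user record; attribute names are constructed for this example.
class User
  attr_reader :attrs

  def initialize
    @attrs = { "role" => "client", "password" => "old-secret" }
  end

  # Mass assignment: every key handed in is written to the record.
  def update(values)
    @attrs.merge!(values)
    self
  end
end

# Constructed request body: a password change carrying one unexpected field.
REQUEST = { password: "new-secret", password_confirmation: "new-secret", role: "admin" }.freeze
PASSWORD_FIELDS = %i[password password_confirmation].freeze

# Pattern described above: nothing is filtered before assignment.
def vulnerable_update(user, raw)
  user.update(Params.new(raw).permit!)
end

# Hardened form: only the fields a password change needs are assigned.
def hardened_update(user, raw)
  user.update(Params.new(raw).permit(*PASSWORD_FIELDS))
end

# Detection aid: keys in a request that fall outside the allow-list.
def extra_keys(raw, allowed)
  raw.keys.map(&:to_s) - allowed.map(&:to_s)
end
```

With the allow-list in place the role attribute keeps its stored value, and extra_keys gives a list that can be logged when a password-change request carries fields it should not.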
2 reference(s) from NVD