CVE-2024-46986

Summary

CVE-2024-46986 identifies a critical arbitrary file write vulnerability in Camaleon CMS, a Ruby on Rails-based content management system. This flaw allows authenticated users to write files to any location on the web server through the MediaController's upload method, which could lead to delayed remote code execution if a malicious actor writes a Ruby file in sensitive directories. The vulnerability has an exploitability score of 3.1 and is rated as critical, with potential high impacts on confidentiality, integrity, and availability. Users are urged to upgrade to release version 2.8.2, as there are no known workarounds for this issue. The attack vector is network-based, requiring low privileges and no user interaction.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.