Camaleon CMS CVE 2024 46987 #21122

Open
bootstrapbool wants to merge 5 commits into rapid7:master from bootstrapbool:camaleon_cms_cve_2024_46987

@bootstrapbool

This change adds a module to exploit CVE-2024-46987, resulting in reading arbitrary files on Camaleon CMS >= 2.8.0 as well as 2.9.0.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use auxiliary/gather/camaleon_traversal
  • set rhost {target host}
  • set rport {target port}
  • run
  • On success, the content of the specified file will be output.
  • If the credentials entered are incorrect, an "Authentication failed" error message will be output.
  • If the module runs into any other error, an "Exploit failed" error message will be output.

*pcap sent to msfdev@metasploit.com

Adds missing options to documentation

Makes verbose option not required

Changes VHOST option type - for some reason "address" type domain names were
marked as "invalid"