Miggo Logo
Miggo Vulnerability Database
CVE-2021-25972

CVE-2021-25972:
Camaleon CMS vulnerable to Server-Side Request Forgery

4.9

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-25972
GHSA ID
GHSA-vx6p-q4gj-x6xx
EPSS Score
0.54831%
CWE
CWE-918
Published
5/24/2022
Updated
3/6/2023
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
camaleon_cmsrubygems>= 2.1.2.0, < 2.6.0.12.6.0.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in the media upload URL handling logic. The 'actions' method in media_controller.rb directly passed user-controlled URLs to cama_tmp_upload without localhost validation. The patch added a local_url? check and error handling precisely in this method, confirming this was the vulnerable flow. The function's responsibility for processing external URL parameters and initiating fetches makes it the SSRF entry point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In **m*l*on *MS, v*rsions *.*.*.* t*rou** *.*.*, *r* vuln*r**l* to S*rv*r-Si** R*qu*st *or**ry (SSR*) in t** m**i* uplo** ***tur*, w*i** *llows **min us*rs to **t** m**i* *il*s *rom *xt*rn*l URLs *ut **ils to v*li**t* URLs r***r*n*in* to lo**l*ost or

Reasoning

T** vuln*r**ility m*ni**sts in t** m**i* uplo** URL **n*lin* lo*i*. T** '**tions' m*t*o* in m**i*_*ontroll*r.r* *ir**tly p*ss** us*r-*ontroll** URLs to **m*_tmp_uplo** wit*out lo**l*ost v*li**tion. T** p*t** ***** * lo**l_url? ****k *n* *rror **n*lin