{"vulnerability": "CVE-2024-46986", "sightings": [{"uuid": "07bb9b69-4c03-48de-a53f-284a96bc4d3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46986", "type": "published-proof-of-concept", "source": "https://t.me/information_security_channel/53596", "content": "CVE-2024-46986 \u2013 Arbitrary File Write in Camaleon CMS Leading to RCE\nhttps://www.offsec.com/blog/cve-2024-46986/\n\nA vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execute remote code under certain conditions.\nThe post CVE-2024-46986 \u2013 Arbitrary File Write in Camaleon CMS Leading to RCE (https://www.offsec.com/blog/cve-2024-46986/) appeared first on OffSec (https://www.offsec.com/).", "creation_timestamp": "2025-05-22T22:16:05.000000Z"}, {"uuid": "fdd22fba-3f39-465d-8f35-2d36b03c92d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46986", "type": "seen", "source": "https://t.me/cvedetector/6006", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46986 - Camaleon CMS Ruby on Rails File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46986 \nPublished : Sept. 18, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. 
This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T20:55:56.000000Z"}]}