## https://sploitus.com/exploit?id=1017FEE9-A2CD-587D-889D-E056A5FAD264
# CVE-2025-2304-POC
Manual PoC for CVE-2025-2304: Camaleon CMS **Version** 2.9.0


## Exploitation Steps
1. Log in as a low-privileged user (e.g., "Bob").
2. Intercept the password change with a proxy (e.g., Burp Suite or Caido).
3. Capture the `updated_ajax` request sent during the password change.
4. Inject the parameter `password[role]=admin` into the POST body and forward the intercepted request itself (do not replay it from Repeater).
5. The server processes the request and updates the user's role in the database.
6. The low-privileged user now holds the admin role: privilege escalation.
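The steps above describe a mass-assignment flaw: the password-change handler writes every key under `password[]` to the user record, so an injected `role` is persisted with the new password. The following is an added illustration, not Camaleon CMS code: it parses a constructed request body of the shape captured in step 3 and contrasts a handler that merges all supplied fields with one that allow-lists only the password fields (function names, the sample body and Bob's starting role are assumptions).

```ruby
# Added example (not Camaleon CMS code): a minimal model of a password-change
# handler showing the mass-assignment pattern behind CVE-2025-2304, beside an
# allow-list fix. Function names and the request body are constructed.
require 'uri'

# Parse a Rails-style nested form body such as "password[role]=admin" into
# { "password" => { "role" => "admin" } }.
def parse_nested_body(body)
  URI.decode_www_form(body).each_with_object({}) do |(key, value), out|
    if (m = key.match(/\A(\w+)\[(\w+)\]\z/))
      (out[m[1]] ||= {})[m[2]] = value
    else
      out[key] = value
    end
  end
end

# Flawed pattern: every key under password[] is written to the user record,
# so an attacker-supplied role is persisted alongside the new password.
def update_password_unsafe(user, params)
  user.merge(params.fetch("password", {}))
end

# Hardened pattern: only the password fields are permitted; anything else
# (role, id, email, ...) is dropped and returned so it can be logged/alerted.
PERMITTED = %w[password password_confirmation].freeze

def update_password_safe(user, params)
  supplied = params.fetch("password", {})
  rejected = supplied.keys - PERMITTED
  [user.merge(supplied.slice(*PERMITTED)), rejected]
end

# Constructed request body as a proxy would capture it, with the injected role.
SAMPLE_BODY = "password[password]=NewPass1&password[password_confirmation]=NewPass1&password[role]=admin"

if __FILE__ == $PROGRAM_NAME
  bob = { "username" => "bob", "role" => "contributor" } # constructed low-privileged user
  params = parse_nested_body(SAMPLE_BODY)
  puts "unsafe -> role=#{update_password_unsafe(bob, params)["role"]}"
  safe, rejected = update_password_safe(bob, params)
  puts "safe   -> role=#{safe["role"]}, rejected=#{rejected.inspect}"
end
```

The `rejected` list from the hardened handler is the signal worth logging: a password-change request carrying `role` or other unexpected keys is exactly what this CVE's exploitation looks like in traffic.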

A python3 PoC will be available as soon as possible.