Share
## https://sploitus.com/exploit?id=323C1D63-D71C-5298-8EED-8BDE52FFB0E7
# Exploit-for-CVE-2025-2304

usage: exploit.py [-h] --url URL --username USERNAME --password PASSWORD

Description

Camaleon CMS is affected by a privilege escalation vulnerability due to unsafe mass assignment. The updated_ajax method in UsersController uses the permit! function, allowing unfiltered parameters to be processed. This can be abused by an authenticated user to modify restricted attributes and gain elevated privileges.

โš ๏ธ This exploit is provided for educational and research purposes only.