## https://sploitus.com/exploit?id=323C1D63-D71C-5298-8EED-8BDE52FFB0E7
# Exploit-for-CVE-2025-2304
usage: exploit.py [-h] --url URL --username USERNAME --password PASSWORD
Description
Camaleon CMS is affected by a privilege escalation vulnerability due to unsafe mass assignment. The updated_ajax method in UsersController uses the permit! function, allowing unfiltered parameters to be processed. This can be abused by an authenticated user to modify restricted attributes and gain elevated privileges.
โ ๏ธ This exploit is provided for educational and research purposes only.