Share
## https://sploitus.com/exploit?id=99EEC46E-1987-5377-B5E5-3C757824FDDC
# Camaleon CMS  -p 
```

### Arguments

- -t, --target    Base target URL
- -u, --username  Valid low-privileged username
- -p, --password  User password

---

## Exploit Flow

1. Retrieve login page and extract CSRF token
2. Authenticate with provided credentials
3. Access profile edit page
4. Extract password update endpoint and CSRF token
5. Send forged PATCH request including password[role]=admin
6. Verify role escalation
7. Output valid session cookies

---

## Successful Exploitation

On success, the script:

- Confirms authentication
- Updates the password
- Escalates the user role to admin
- Prints reusable session cookies

---

## Mitigation

- Upgrade Camaleon CMS


---

## Disclaimer

For educational and authorized security testing only.
Unauthorized use is prohibited.