CVE-2026-10715

Sažetak

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.

Reference

https://fluidattacks.com/es/advisories/billie
https://github.com/owen2345/camaleon-cms
https://fluidattacks.com/es/advisories/billie

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

12-06-2026 - 20:16

Objavljeno

12-06-2026 - 19:16