Path traversal vulnerability in Chameleon Power products

Posted date 22/11/2023
4 - High
Affected Resources
  • Chameleon Power framework, 1.0 version.

INCIBE has coordinated the publication of one vulnerabilitiy that affects Chameleon Power framework, which has been discovered by Daniel Martínez Adan (adon90), member of Holcim EDC.

This vulnerabilitiy has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-6252: CVSS v3.1: 7.5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-35.

There is no reported solution at this time.

  • CVE-2023-6252: path traversal vulnerability affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.
References list