Request to Check Email Regarding Security Advisory

[paragbagul111]

Description:
I am reaching out to the vendor through this issue to kindly request that you check your email regarding an important matter related to a security advisory for Camaleon CMS. I have sent multiple emails to the provided contact address but have not received a response.

The email contains crucial information regarding a security vulnerability that has been responsibly disclosed to your team. It is essential that you review the email as soon as possible to ensure the timely and appropriate handling of the vulnerability.

Please publish a security advisory on your official repo, providing details about the vulnerability, its potential impact, and instructions for users to update to the patched version. This will ensure users are aware of the issue and can take appropriate actions to secure their systems.

Thank you for your attention to this matter.

Parag Bagul

[paragbagul111]

Hello team

I have prepared a draft of a security advisory that you can share with your customers. You can find it below:

[Advisory Draft]

Dear Valued Customers,

We are writing to bring to your attention a critical security vulnerability affecting all versions of Camaleon CMS prior to version 2.7.0, as well as an additional vulnerability discovered in Camaleon CMS v2.7.0. This Server-Side Template Injection (SSTI) vulnerability, which has been assigned the CVE number CVE-2023-30145, could potentially allow an attacker to execute arbitrary code on the server, leading to unauthorized access to sensitive information and a complete compromise of the application's data and functionality.

We are pleased to inform you that we have taken immediate action to address these vulnerabilities and have released a patch in the latest version of Camaleon CMS (version 2.7.0). We strongly urge all users of Camaleon CMS to upgrade to this latest version without delay to ensure the security of their applications.

To protect your systems and data, we advise the following steps:

Visit [provide the appropriate link] to download the latest version of Camaleon CMS (v2.7.0).
Follow the installation instructions carefully to apply the patch.
After installation, thoroughly test your application to ensure proper functionality and security.
Additionally, we would like to emphasize the importance of regularly updating your software to the latest version and adhering to best practices for web application security. Regular updates and maintenance are essential in mitigating potential risks.

Should you have any questions, concerns, or require assistance during the upgrade process, please do not hesitate to reach out to our support team at [provide contact information].

Thank you for your attention to this matter. Your security and satisfaction are of utmost importance to us.

Sincerely,

[Your Name]
[Your Contact Information]

Please feel free to modify and personalize this draft as needed. If you have any further questions or concerns, please don't hesitate to let me know. I'm here to assist you.

[paragbagul111]

Hello team,

I have prepared a draft of a security advisory regarding the Camaleon CMS vulnerabilities. I believe it's crucial to inform our customers about these issues and guide them on how to update and secure their systems.

I have shared the draft advisory in the repository, and I would appreciate it if someone from the team could review and provide feedback. Additionally, could you please let me know when we can expect the advisory to be published?

Thank you for your attention to this matter.

Best regards,
Parag Bagul

[paragbagul111]

Hello @owen2345 @brian-kephart

I have not received a response regarding the email, and I'm wondering if there have been any updates on this matter. It is crucial that we release a security advisory as soon as possible in order to inform our users about the need to upgrade to the latest version. Could you please provide me with an estimated timeframe for this release?

Thank you.

[texpert]

@paragbagul111, thanks for reporting the isssue.

It has been fixed in the 2.7.5 release - https://github.com/owen2345/camaleon-cms/releases/tag/2.7.5

[texpert]

Closing as fixed.