CVE-2026-10715
Published
CVSS v3
N/A
CVSS v2
N/A
Affected
1
PROJECT
Description
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails
GitHub