Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.
{ "source": [ "CPE_RANGE", "REFERENCES" ], "cpe": "cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0.1.7" }, { "last_affected": "2.6.0" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25970.json"