CVE-2024-4836

HIGH NUCLEI

Edito CMS <3.26 - Info Disclosure

Title source: llm

Description

Web services managed by Edito CMS (Content Management System) versions 3.5 through 3.25 leak sensitive data because they allow an unauthenticated user to download configuration files. The issue in versions 3.5 - 3.25 was removed in releases dating from 10 January 2014. Higher versions were never affected.

Nuclei Templates (1)

Edito CMS - Sensitive Data Leak
HIGH by s4e-io
FOFA: icon_hash="1491301339"

Scores

CVSS v3 7.5
EPSS 0.6252
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-552
Status published
Products (1)
Edito/Edito CMS 3.5 - 3.25
Published Jul 02, 2024
Tracked Since Feb 18, 2026