CVE-2024-4836
Edito CMS 3.5-3.25 - Unauthenticated Sensitive Data Exposure via Configuration File Download
Severity: HIGH | Nuclei template: available
Title source: llm
Exploitation Summary
CVE-2024-4836 has a Nuclei detection template available; see the Nuclei Templates section below for the Shodan/FOFA recon queries.
Description
Web services managed by Edito CMS (Content Management System) in versions 3.5 through 3.25 leak sensitive data because they allow an unauthenticated user to download configuration files. The issue in versions 3.5 - 3.25 was fixed in releases dated 10 January 2014. Higher versions were never affected.
Nuclei Templates (1)
Edito CMS - Sensitive Data Leak
Severity: HIGH, by s4e-io
FOFA query: icon_hash="1491301339"
References (3)
Product: https://www.edito.pl/
Third-party advisory: https://cert.pl/en/posts/2024/07/CVE-2024-4836
Third-party advisory: https://cert.pl/posts/2024/07/CVE-2024-4836
Scores
CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 0.0263 (percentile 83.5%)
Attack Vector: NETWORK
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-552
Status: published
Products (1): Edito/Edito CMS 3.5 - 3.25
Published: Jul 02, 2024
Tracked Since: Feb 18, 2026