← volver
CVE-2024-4836

LFI in sites managed by Edito CMS

CVSS 7.5 HIGHEPSS 2.6%CWE-552
Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue in versions 3.5 - 3.25 was removed in releases which dates from 10th of January 2014. Higher versions were never affected.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Edito · Edito CMS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cert.pl/en/posts/2024/07/CVE-2024-4836https://cert.pl/posts/2024/07/CVE-2024-4836https://www.edito.pl/