← voltar
CVE-2024-4836

LFI in sites managed by Edito CMS

CVSS 7.5 HIGHEPSS 2.6%CWE-552
Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue in versions 3.5 - 3.25 was removed in releases which dates from 10th of January 2014. Higher versions were never affected.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
Edito · Edito CMS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert.pl/en/posts/2024/07/CVE-2024-4836https://cert.pl/posts/2024/07/CVE-2024-4836https://www.edito.pl/