PT-2024-33090 · Edito Cms · Edito Cms
Published
2024-07-02
·
Updated
2024-07-02
·
CVE-2024-4836
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Edito CMS versions 3.5 through 3.25
Description
The issue allows unauthenticated users to download configuration files, leading to sensitive data leakage. The problem was resolved in releases dated from January 10th, 2014.
Recommendations
For Edito CMS versions 3.5 through 3.25, update to a version released after January 10th, 2014, to resolve the issue.
Fix
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Edito Cms