PT-2025-19925 · 74Cms · 74Cms
2681661003
·
Published
2025-05-06
·
Updated
2025-08-18
·
CVE-2025-4329
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
74CMS versions up to 3.33.0
Description
A vulnerability was found in the function
index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Recommendations
For 74CMS versions up to 3.33.0, consider disabling the
index function in the /index.php/index/download/index file until a patch is available. Restrict access to the url argument to minimize the risk of exploitation. Avoid using the url argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
74Cms