Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user.
The issue in versions 3.5 - 3.25 was removed in releases which dates from 10th of January 2014. Higher versions were never affected.
References
Configurations
No configuration.
History
02 Jul 2024, 12:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
02 Jul 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-02 09:15
Updated : 2024-07-02 12:09
NVD link : CVE-2024-4836
Mitre link : CVE-2024-4836
CVE.ORG link : CVE-2024-4836
JSON object : View
Products Affected
No product.
CWE
CWE-552
Files or Directories Accessible to External Parties