CVE-2024-4836
Published 2024-07-02
Priority P3 (56) · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.63% (83.6th percentile)
Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user.
The issue in versions 3.5 - 3.25 was removed in releases which date from the 10th of January 2014. Higher versions were never affected.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edito | edito_cms | 3.5 – 3.25 | — |
Detection & IOCs
- path: /config.php
- path: /config/config.php
- path: /include/config.php
- path: /includes/config.php
- other: icon_hash="1491301339"

- Fingerprint Edito CMS installations by checking the response body of the base URL for the strings 'content="edito' or 'www.edito.pl' with HTTP 200 status before probing config paths.
- Confirm unauthenticated config file exposure by checking that the response body of the config path contains both 'db_password' and 'db_username' with HTTP 200 status.
- Use FOFA icon hash '1491301339' to discover internet-exposed Edito CMS instances for proactive scanning.
- The vulnerability only affects Edito CMS versions 3.5 through 3.25; versions after the January 10, 2014 release and higher versions are not affected.
- The Nuclei template uses a two-step flow: HTTP request 1 must confirm Edito CMS fingerprint before HTTP request 2 probes the config file paths.
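
A log-side counterpart to the request flow above, as an added example that is not part of the original page or the Nuclei template: it scans web access logs for requests to the listed config paths and separates mere probes from responses that returned a non-empty HTTP 200. It assumes the Apache/nginx combined log format and a CMS installed at the web root; the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Config paths listed on this page for CVE-2024-4836 (assumes CMS at web root).
CONFIG_PATHS = {"/config.php", "/config/config.php",
                "/include/config.php", "/includes/config.php"}

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

def find_config_probes(lines):
    """Return {client_ip: {"probed": set_of_paths, "served": [(path, bytes)]}}."""
    report = defaultdict(lambda: {"probed": set(), "served": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        # Drop the query string and collapse duplicate slashes before matching.
        path = re.sub(r"/{2,}", "/", m["target"].split("?", 1)[0]).lower()
        if path not in CONFIG_PATHS:
            continue
        entry = report[m["ip"]]
        entry["probed"].add(path)
        size = 0 if m["size"] == "-" else int(m["size"])
        # A 200 with a non-empty body is the case to triage first: the file
        # may have been returned to the client instead of being blocked.
        if m["status"] == "200" and size > 0:
            entry["served"].append((path, size))
    return dict(report)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Jul/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "x"',
    '198.51.100.7 - - [02/Jul/2024:10:00:01 +0000] "GET /config.php HTTP/1.1" 404 162 "-" "x"',
    '198.51.100.7 - - [02/Jul/2024:10:00:01 +0000] "GET /config/config.php HTTP/1.1" 404 162 "-" "x"',
    '198.51.100.7 - - [02/Jul/2024:10:00:02 +0000] "GET /include/config.php HTTP/1.1" 404 162 "-" "x"',
    '198.51.100.7 - - [02/Jul/2024:10:00:02 +0000] "GET //includes/config.php HTTP/1.1" 200 412 "-" "x"',
    '203.0.113.9 - - [02/Jul/2024:11:00:00 +0000] "GET /index.php?p=/config.php HTTP/1.1" 200 900 "-" "x"',
    '203.0.113.20 - - [02/Jul/2024:12:00:00 +0000] "GET /config.php HTTP/1.1" 200 0 "-" "x"',
]

if __name__ == "__main__":
    for ip, hit in find_config_probes(SAMPLE_LOG).items():
        print(ip, sorted(hit["probed"]), hit["served"])
```

A client that requests several of the listed paths in quick succession matches the template's probing pattern; any entry in `served` warrants rotating the database credentials stored in that file.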
No detection rules found.
Nuclei
Edito CMS - Sensitive Data Leak
nuclei·CVSS 7.5
CVE-2024-4836 [HIGH] Edito CMS - Sensitive Data Leak
Template:
```yaml
id: CVE-2024-4836

info:
  name: Edito CMS - Sensitive Data Leak
  author: s4e-io
  severity: high
  description: |
    Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.
  impact: |
    Unauthenticated attackers can download configuration files containing sensitive credentials from Edito CMS installations.
  remediation: |
    Update Edito CMS to a version later than 3.25 that secures configuration file access.
  reference:
    - https://cert.pl/en/posts/20
```
No writeups or analysis indexed.