2 matches found
CVE-2024-4836 LFI in sites managed by Edito CMS
Web services managed by Edito CMS Content Management System in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue in versions 3.5 - 3.25 was removed in releases which dates from 10th of January 2014. Higher versio...
CVE-2024-4836
Edito CMS Web services expose a sensitive data leak in versions 3.5–3.25 by allowing unauthenticated download of configuration files. The issue was fixed in releases after January 10, 2014; higher versions were never affected. Remediation: update to a version later than 3.25. No exploitation deta...