
Exploit for Edito CMS - Sensitive Data Leak (CVE-2024-4836)

Description:

Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.

Nuclei Template

View the template here: CVE-2024-4836.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-4836.yaml

References:

https://cert.pl/en/posts/2024/07/CVE-2024-4836/
https://github.com/sleep46/CVE-2024-4836_Check
https://nvd.nist.gov/vuln/detail/CVE-2024-4836