High severityOSV Advisory· Published Dec 26, 2025· Updated Dec 27, 2025

CVE-2024-42718

Description

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
croogo/croogoPackagist	<= 4.0.7	—

Affected products

Croogo/CroogoOSV
Range: 2.3.3, 3.0.0, 3.0.1, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-g5p6-3j82-xfm4ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-42718ghsaADVISORY
github.com/jacopo1223/jacopo.github/tree/main/CVE-2024-42718ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000