High severity7.5NVD Advisory· Published Jul 2, 2024· Updated Apr 15, 2026

CVE-2024-4836

Description

Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue in versions 3.5 - 3.25 was removed in releases which dates from 10th of January 2014. Higher versions were never affected.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.pl/en/posts/2024/07/CVE-2024-4836nvd
cert.pl/posts/2024/07/CVE-2024-4836nvd
www.edito.plnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.050
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000