Security
Headlines

Headlines Latest CVEs

Headline

GHSA-g5p6-3j82-xfm4: Croogo CMS has a path traversal vulnerability

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the ‘edit-file’ parameter.

2 months ago

#vulnerability #git #intel

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2024-42718

Croogo CMS has a path traversal vulnerability

High severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

Package

composer croogo/croogo (Composer)

Affected versions

<= 4.0.7

Description

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

EPSS score

ghsa: Latest News

GHSA-j4rc-96xj-gvqc: phpMyFAQ: Public API endpoints expose emails and invisible questions

1 month ago

GHSA-wm8h-26fv-mg7g: phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)

1 month ago

GHSA-7p9h-m7m8-vhhv: phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)

1 month ago

GHSA-w7rq-fgx4-4xcm: LavaLite CMS affected by a stored cross-site scripting vulnerability

1 month ago

GHSA-mxc8-4jqf-368q: miniserve affected by a TOCTOU and symlink race vulnerability

1 month ago