CWE-CWE-200

Sitecore Arbitrary File Read (CVE-2024-46938)

Severity:

High

Summary

The web application uses Sitecore platform. This version of Sitecore platform has an arbitrary file read vulnerability. Successful exploitation of the vulnerability can result in takeover of the server.

Impact

Successful attacks of this vulnerability can result in takeover of the server.

Remediation

Upgrade to the latest version of Sitecore

Required Skills for Successful Exploitation

Actions To Take

Classifications

CWE-CWE-200

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

GraphiQL Explorer/Playground Enabled

GraphQL Introspection Query Enabled

Wing FTP Anonymous access

Sitecore Arbitrary File Read (CVE-2024-46938)

Vite Arbitrary File Read (CVE-2025-30208, CVE-2025-31125)

Featured resources

Blog

Strengthening enterprise application security: Invicti acquires Kondukto

Read this article

Blog

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Read this article

Blog

Friends don’t let friends shift left: Shift smarter with DAST-first AppSec

Read this article

Blog

Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Read this article

No items found.

View all resources

Build your resistance to threats. And save hundreds of hours each month.

Get a Demo