Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
get-simple vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-17103
An issue exists in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter
Get-simple Getsimple Cms 3.3.13
6.5
CVSSv2
CVE-2021-28976
Remote Code Execution vulnerability in GetSimpleCMS prior to 3.3.16 in admin/upload.php via phar filess.
Get-simple Getsimplecms
6.4
CVSSv2
CVE-2020-18191
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php
Get-simple Getsimplecms 3.3.15
5.8
CVSSv2
CVE-2020-18660
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
Get-simple Getsimplecms
5.8
CVSSv2
CVE-2019-9915
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
Get-simple. Getsimplecms 3.3.13
5
CVSSv2
CVE-2019-11231
An issue exists in GetSimple CMS up to and including 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be by...
Get-simple Getsimple Cms
1 EDB exploit
5
CVSSv2
CVE-2014-8723
GetSimple CMS 3.3.4 allows remote malicious users to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
Get-simple Getsimple Cms 3.3.4
5
CVSSv2
CVE-2014-8722
GetSimple CMS 3.3.4 allows remote malicious users to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
Get-simple Getsimple Cms 3.3.4
5
CVSSv2
CVE-2014-8790
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 up to and including 3.3.x prior to 3.3.5 Beta 1, when in certain configurations, allows remote malicious users to read arbitrary files via the data parameter.
Get-simple Getsimple Cms 3.3.2
Get-simple Getsimple Cms 3.2
Cagintranetworks Getsimple Cms 3.3.3
Cagintranetworks Getsimple Cms 3.3.4
Get-simple Getsimple Cms 3.1.1
Get-simple Getsimple Cms 3.1.2
Get-simple Getsimple Cms 3.2.1
Get-simple Getsimple Cms 3.2.2
Get-simple Getsimple Cms 3.3.0
Get-simple Getsimple Cms 3.2.3
Get-simple Getsimple Cms 3.3.1
4.3
CVSSv2
CVE-2021-36601
GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.
Get-simple Getsimplecms 3.3.16
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »