Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
get-simple vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2018-17103
An issue exists in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter
Get-simple Getsimple Cms 3.3.13
578
VMScore
CVE-2021-28976
Remote Code Execution vulnerability in GetSimpleCMS prior to 3.3.16 in admin/upload.php via phar filess.
Get-simple Getsimplecms
570
VMScore
CVE-2020-18191
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php
Get-simple Getsimplecms 3.3.15
516
VMScore
CVE-2020-18660
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
Get-simple Getsimplecms
516
VMScore
CVE-2019-9915
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
Get-simple. Getsimplecms 3.3.13
505
VMScore
CVE-2019-11231
An issue exists in GetSimple CMS up to and including 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be by...
Get-simple Getsimple Cms
1 EDB exploit
445
VMScore
CVE-2014-8722
GetSimple CMS 3.3.4 allows remote malicious users to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
Get-simple Getsimple Cms 3.3.4
445
VMScore
CVE-2014-8723
GetSimple CMS 3.3.4 allows remote malicious users to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
Get-simple Getsimple Cms 3.3.4
445
VMScore
CVE-2014-8790
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 up to and including 3.3.x prior to 3.3.5 Beta 1, when in certain configurations, allows remote malicious users to read arbitrary files via the data parameter.
Get-simple Getsimple Cms 3.3.2
Get-simple Getsimple Cms 3.2
Cagintranetworks Getsimple Cms 3.3.3
Cagintranetworks Getsimple Cms 3.3.4
Get-simple Getsimple Cms 3.1.1
Get-simple Getsimple Cms 3.1.2
Get-simple Getsimple Cms 3.2.1
Get-simple Getsimple Cms 3.2.2
Get-simple Getsimple Cms 3.3.0
Get-simple Getsimple Cms 3.2.3
Get-simple Getsimple Cms 3.3.1
435
VMScore
CVE-2018-9173
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote malicious users to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
Get-simple Getsimple Cms 3.3.13
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »