Vulners
Lucene search
GetSimple CMS 3.3.4 XML External Entity Injection
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | GetSimple CMS 3.3.4 XML External Entity Injection Vulnerability | 1 Jan 201500:00 | – | zdt |
 | GetSimple CMS 'api.php' XML External Entity Information Disclosure Vulnerability | 4 Jan 201500:00 | – | cnvd |
 | CVE-2014-8790 | 20 Jan 201515:00 | – | cve |
 | CVE-2014-8790 | 20 Jan 201515:00 | – | cvelist |
 | EUVD-2014-8620 | 7 Oct 202500:30 | – | euvd |
 | CVE-2014-8790 | 20 Jan 201515:59 | – | nvd |
 | Xxe | 20 Jan 201515:59 | – | prion |
`------------------------------------------------------------------
GetSimple CMS <= 3.3.4 (api.php) XML External Entity Vulnerability
------------------------------------------------------------------
[-] Software Link:
http://get-simple.info/
[-] Affected Versions:
All versions from 3.1.1 to 3.3.4.
[-] Vulnerability Description:
The vulnerable code is located in the /admin/api.php script:
22. #step 2 - setup request
23. $in = simplexml_load_string($_POST['data'], 'SimpleXMLExtended', LIBXML_NOCDATA);
24. $request = new API_Request();
25. $request->add_data($in);
User input passed via the "data" POST parameter is not properly sanitized before being used in a
call to the "simplexml_load_string()" function at line 23. This can be exploited to carry out XML
External Entity (XXE) attacks, resulting in arbitrary file disclosures. Successful exploitation
of this vulnerability requires the External API to be enabled from within the gsconfig.php file
and the application running on PHP before version 5.3.23 or 5.4.13.
NOTE: this vulnerability might be abused to disclose sensitive data stored in XML files, which
might allow attackers to bypass the authentication mechanism and access the administration
panel in order to achieve arbitrary PHP code execution.
[-] Solution:
Update to version 3.3.5 Beta 1 or disable the External API.
[-] Disclosure Timeline:
[22/10/2014] - First attempt to contact the vendor
[28/10/2014] - Issue reported to http://git.io/HEjBUg
[29/10/2014] - CVE number requested
[13/11/2014] - CVE number assigned
[02/12/2014] - Version 3.3.5 Beta 1 released
[31/12/2014] - Publication of this advisory
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-8790 to this vulnerability.
[-] Credits:
Vulnerability discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2014-17
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Dec 2014 00:00Current
0.7Low risk
Vulners AI Score0.7
EPSS0.00657