4 matches found
GetSimple CMS 3.3.13 - Open Redirect
GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-9915 info: name: GetSimple CMS...
PT-2018-13897 · Getsimple · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS version 3.3.13 Description: An issue was discovered that allows for a CSRF vulnerability, which can change the administrator's password via the "admin/settings.php" endpoint. The vendor reported that the proof of concept was...
CVE-2018-9173
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter...
Cross-site request forgery (CSRF)
Poor cryptographic salt initialization in admin/inc/templatefunctions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce...