12 matches found
CVE-2026-28495
CVE-2026-28495 affects GetSimple CMS via the bundled massiveAdmin plugin in GetSimpleCMS-CE v3.3.22. The description states an authenticated administrator can overwrite the gsconfig.php configuration file with arbitrary PHP code through the gsconfig editor module, due to lack of CSRF protection. ...
CVE-2026-28495 GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php
GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...
CVE-2026-27202
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...
CVE-2021-47778
CVE-2021-47778 affects GetSimple CMS My SMTP Contact Plugin 1.1.2. A PHP code injection vulnerability exists that allows an authenticated administrator to inject arbitrary PHP code via plugin configuration parameters, resulting in remote code execution on the server. The Red Hat and NVD/NVD-deriv...
PT-2026-3796
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...
GetSimple Content Management System: Code Injection Vulnerability
GetSimple Content Management System is an open-source content management system developed by GetSimpleCMS. Version 1.1.2 of GetSimple Content Management System has a code injection vulnerability. This vulnerability stems from PHP code injection through plugin configuration parameters, which may...
GetSimple CMS cross-site scripting vulnerability
GetSimple CMS is an open-source content management system developed by GetSimple CMS. Version 1.1.2 of GetSimple CMS contains a cross-site scripting vulnerability. This vulnerability stems from insufficient sanitization and escaping of characters, which may lead to stored cross-site scripting...
Exploit for Code Injection in Get-Simple Getsimple_Cms
CVE-2022-41544 - GetSimple CMS RCE Exploit Overview This...
GetSimple CMS Security Vulnerability
GetSimple CMS is an open-source content management system from GetSimple CMS. A security vulnerability exists in GetSimple CMS version 3.3.19, which stems from the back-end plugin module being vulnerable to a server-side request forgery attack...
getsimplecms Code Issue Vulnerability
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A remote code execution vulnerability exists in admin/upload.php in GetSimple CMS versions prior to 3.3.16. An attacker can exploit this vulnerability to achieve remote code execution via phar files...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2020-63995)
GetSimple CMS is a content management system (CMS) written in PHP. A security vulnerability exists in GetSimple CMS version 3.3.16, which originates from allowing persistent cross-site scripting execution via "permalinks" on parameter setting pages when a new page is created and opened. No details of...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2015-04183)
GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in the admin/filebrowser.php script in GetSimple CMS versio...