462 matches found
CVE-2025-48492 GetSimple CMS RCE in Edit component
GetSimple CMS is a content management system. In versions 3.3.16 through 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to ...
CVE-2025-48492
GetSimple CMS is affected in versions 3.3.16–3.3.21. An authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). The issue is mitigated by upgrading to version 3.3.22, w...
GetSimple CMS Command Injection Vulnerability
GetSimple CMS is an open-source content management system. A security vulnerability exists in GetSimple CMS versions 3.3.16 through 3.3.21, which originates from an authenticated user being able to inject arbitrary PHP code and execute it through a specially crafted query string,...
PT-2025-23259 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS versions 3.3.16 through 3.3.21
Description: The issue allows an authenticated user with access to the Edit component to inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Co...
CVE-2024-55085
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE...
CVE-2024-55088
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module...
CVE-2024-55086
In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system...
CVE-2023-51246
A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...
CVE-2022-41544
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the editedfile parameter in admin/theme-edit.php...
CVE-2022-1503
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like leads to cross site scripting. The attack may be launched remotely but...
CVE-2021-29400
A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site...
CVE-2020-21353
A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module...
CVE-2020-23839
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the logi...
CVE-2020-23837
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...
CVE-2015-5356
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter...
CVE-2015-5355
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php...