CVE-2017-8081
CVE-2017-8081 affects GetSimple CMS 3.3.13. The issue is a poor cryptographic salt initialization in admin/inc/template_functions.php, which can allow a network attacker to escalate privileges to an arbitrary user or perform CSRF attacks by manipulating session cookies or CSRF nonces. The root ca...
Cagintranet Networks GetSimple CMS Information Disclosure Vulnerability (CNVD-2017-04278)
Cagintranet Networks GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. An information disclosure vulnerability exists in Cagintranet Networks GetSimple C...
Cagintranet Networks GetSimple CMS Information Disclosure Vulnerability
Cagintranet Networks GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A security vulnerability exists in Cagintranet Networks GetSimple CMS version 3.3....
Information disclosure
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml...
Information disclosure
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymousdata.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message...
CVE-2014-8723
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymousdata.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message...
CVE-2014-8722
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml...
CVE-2014-8723
GetSimple CMS 3.3.4 is affected. An information-disclosure vulnerability allows remote attackers to obtain the installation path by visiting direct URLs plugins/anonymous_data.php or plugins/InnovationPlugin.php, exposing sensitive info in error messages. The issue is documented across multiple so...
CVE-2014-8722
GetSimple CMS 3.3.4 is affected by CVE-2014-8722, enabling information disclosure via direct requests to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, and (4) data/other/appid.xml. Root cause is exposed sensitive data without proper access control. Public expl...
Getsimple CMS 3.3.10 Shell Upload
Exploit Title: Getsimple CMS 2. An attacker logs in to the admin page and uploads the backdoor 3. The uploaded file will be under the "/data/uploads/" folder Report Timeline ============...
Getsimple CMS 3.3.10 - Arbitrary File Upload
Getsimple CMS 3.3.10 - Arbitrary File Upload Exploit Title: Getsimple CMS 2. An attacker logs in to the admin page and uploads the backdoor 3. The uploaded file will be under the "/data/uploads/" folder Report Timeline ======================== 2016-06-23 : Vulnerability reported to...
Getsimple CMS 3.3.10 - Arbitrary File Upload
Exploit for php platform in category web applications Exploit Title: Getsimple CMS 2. An attacker logs in to the admin page and uploads the backdoor 3. The uploaded file will be under the "/data/uploads/" folder Report Timeline =====...
Getsimple CMS 3.3.10 - Arbitrary File Upload
Exploit Title: Getsimple CMS 2. An attacker logs in to the admin page and uploads the backdoor 3. The uploaded file will be under the "/data/uploads/" folder Report Timeline ======================== 2016-06-23 : Vulnerability reported to v...
GetSimple CMS 3.3.7 Cross Site Scripting
Date: 12/10/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Reflected XSS Tested on: Windows 8.1 Product: GetSimple CMS Version: 3.3.7 Description: Application is vulnerable to Reflected XSS attack. There is a reflected XSS issue in the "uploads" section in version 3.3.7. When we...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2015-04183)
GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in the admin/filebrowser.php script in GetSimple CMS versio...
GetSimple CMS suffers from multiple cross-site scripting vulnerabilities (CNVD-2015-04182)
GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS versions prior to...
CVE-2015-5355
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php...
CVE-2015-5356
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter...