3 matches found
CVE-2014-8790
GetSimple CMS 3.1.1–3.3.x (before 3.3.5 Beta 1) is affected by an XML External Entity (XXE) vulnerability in admin/api.php. The issue arises from passing unsanitized POST data to simplexml_load_string(), enabling an attacker to disclose arbitrary files via the data parameter. Impact is consistent...
GetSimple CMS 3.3.4 XML External Entity Injection Vulnerability
GetSimple CMS versions 3.1.1 through 3.3.4 suffer from an XML external entity injection vulnerability. ------------------------------------------------------------------ GetSimple CMS adddata$in; User input passed via the "data" POST parameter is not properly sanitized before being used in a call...
GetSimple CMS 3.3.4 XML External Entity Injection
------------------------------------------------------------------ GetSimple CMS adddata$in; User input passed via the "data" POST parameter is not properly sanitized before being used in a call to the "simplexmlloadstring" function at line 23. This can be exploited to carry out XML External Enti...