Lucene search
+L

462 matches found

cnnvd
cnnvd
added 2026/02/21 12:0 a.m.12 views

GetSimple CMS 代码问题漏洞

GetSimple CMS is an open-source content management system developed by GetSimple CMS. There are code issues and vulnerabilities in GetSimple CMS; these vulnerabilities stem from the lack of cross-site request forgery protection in the file upload endpoint, which may lead to arbitrary file uploads...

7.1CVSS5.9AI score0.00174EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/02/20 11:26 p.m.7 views

CVE-2026-27202

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

8.8CVSS5.8AI score0.00527EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/02/20 11:26 p.m.6 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

8.8CVSS5.5AI score0.00527EPSS
Exploits1References1
cve
cve
added 2026/02/20 11:26 p.m.23 views

CVE-2026-27202

CVE-2026-27202 concerns GetSimple CMS. All versions are affected by a flaw in the Uploaded Files feature that enables arbitrary file reads. The issue is reported as not fixed at publication. The available documents do not provide exploit details or concrete attack vectors. The CVSS data indicates...

8.8CVSS5.8AI score0.00527EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2026/02/20 11:26 p.m.32 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

8.8CVSS0.00527EPSS
Exploits1References1
osv
osv
added 2026/02/20 11:26 p.m.10 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

8.8CVSS5.7AI score0.00527EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/02/20 11:19 p.m.5 views

CVE-2026-27161

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

8.7CVSS5.7AI score0.00412EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/02/20 11:19 p.m.4 views

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

8.7CVSS5.5AI score0.00412EPSS
Exploits1References1
cve
cve
added 2026/02/20 11:19 p.m.26 views

CVE-2026-27161

GetSimple CMS is affected: all versions rely on .htaccess to restrict access to /data/ and /backups/. If Apache AllowOverride is disabled, protections can be bypassed, allowing unauthenticated attackers to list and download sensitive files such as authorization.xml, which contains cryptographic s...

8.7CVSS5.7AI score0.00412EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2026/02/20 11:19 p.m.29 views

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

8.7CVSS0.00412EPSS
Exploits1References1
osv
osv
added 2026/02/20 11:19 p.m.7 views

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

8.7CVSS5.6AI score0.00412EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/02/20 11:14 p.m.3 views

CVE-2026-27147 GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

6.9CVSS5.4AI score0.00197EPSS
Exploits1References1
cve
cve
added 2026/02/20 11:14 p.m.16 views

CVE-2026-27147

GetSimple CMS is affected by a stored XSS due to unsanitized SVG uploads. All versions are vulnerable; authenticated users can upload SVG files via the admin upload function, and the uploaded SVGs execute JavaScript when viewed. The issue is described as not having a fix at the time of publicatio...

6.9CVSS5.6AI score0.00197EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/02/20 11:14 p.m.8 views

CVE-2026-27147 GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

6.9CVSS5.5AI score0.00197EPSS
Exploits1References3
cvelist
cvelist
added 2026/02/20 11:14 p.m.29 views

CVE-2026-27147 GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

6.9CVSS0.00197EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/02/20 11:14 p.m.5 views

CVE-2026-27147

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

6.9CVSS5.6AI score0.00197EPSS
Exploits1References2Affected Software1
cve
cve
added 2026/02/20 11:10 p.m.18 views

CVE-2026-27146

GetSimple CMS is affected by a CSRF on the administrative file upload endpoint across all versions due to missing CSRF protection. An attacker can craft a malicious page that silently triggers a file upload from an authenticated admin user’s browser without a token or origin validation, enabling ...

7.1CVSS5.9AI score0.00174EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2026/02/20 11:10 p.m.35 views

CVE-2026-27146 GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

7.1CVSS0.00174EPSS
Exploits1References1
osv
osv
added 2026/02/20 11:10 p.m.9 views

CVE-2026-27146 GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

7.1CVSS5.8AI score0.00174EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/02/20 12:0 a.m.5 views

PT-2026-21325

Name of the Vulnerable Software and Affected Versions GetSimple CMS affected versions not specified Description GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache...

8.7CVSS5.3AI score0.00412EPSS
Exploits1References10
Rows per page
Query Builder