163 matches found
CVE-2020-18658
Cross Site Scriptiong XSS vulnerability in GetSimpleCMS =3.3.15 via the timezone parameter to settings.php...
CVE-2020-18659
Cross Site Scripting vulnerability in GetSimpleCMS =3.3.15 via the 1 sitename, 2 username, and 3 email parameters to /admin/setup.php...
CVE-2020-18191
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php...
CVE-2019-9915
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter...
CVE-2018-19420
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g., the test or test.asdf filename, because of admin/upload-uploadify.php, and validatesafefile in...
GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)
Exploit Title: GetSimpleCMS 3.3.16 - Remote Code Execution RCE Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/GetSimpleCMS/GetSimpleCMS Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS Version: 3.3.16 Tested on: Ubuntu Windows CVE : CVE-2021-28976 PoC-1...
📄 GetSimpleCMS Shell Upload
GetSimple CMS versions prior to 3.3.16 suffer from a remote code execution vulnerability via a PHAR file upload in admin/upload.php. Exploit Title: GetSimpleCMS 2. Write a PHP script to create the .phar file: Use the Phar class in PHP to package the index.php file into a .phar archive. Create a...
CVE-2024-11125
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2024-11125
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2024-11125 GetSimpleCMS profile.php cross-site request forgery
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2024-11125 GetSimpleCMS profile.php cross-site request forgery
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2024-11125
GetSimpleCMS 3.3.16 is affected by a cross-site request forgery involving the /admin/profile.php endpoint. The issue’s root cause is related to processing in that file, enabling an attacker to perform CSRF remotely. Multiple sources (NVD, RH Red Hat, OSV, CVE records) corroborate the vulnerabilit...
GetSimpleCMS 安全漏洞
GetSimpleCMS is a content management system open-sourced by an individual developer GetSimpleCMS. A security vulnerability exists in GetSimpleCMS version 3.3.16, which stems from the file /admin/profile.php can lead to a cross-site request forgery vulnerability...
CVE-2023-6188
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...
CVE-2023-6188
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...
Code injection
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...
CVE-2023-6188 GetSimpleCMS theme-edit.php code injection
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...
CVE-2023-6188 GetSimpleCMS theme-edit.php code injection
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...
CVE-2023-6188
GetSimpleCMS 3.3.16/3.4.0a exposes a vulnerability in /admin/theme-edit.php allowing code injection. The issue can be triggered remotely; public exploit activity is noted. Mitigation per PT-2023-32557: restrict access to /admin/theme-edit.php or avoid using theme-edit.php until a patch is availab...
PT-2023-32557 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimpleCMS versions 3.3.16 through 3.4.0a Description: A critical issue affects the processing of the file /admin/theme-edit.php, leading to code injection. The attack can be initiated remotely. Recommendations: For versions 3.3.16 through...