
163 matches found

RedhatCVE
added 2025/05/22 4:06 p.m. · 7 views

CVE-2020-18658

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS =3.3.15 via the timezone parameter to settings.php...

CVSS 6.1 · AI score 6.2 · EPSS 0.01371
Exploits: 1

RedhatCVE
added 2025/05/22 3:53 p.m. · 11 views

CVE-2020-18659

Cross Site Scripting vulnerability in GetSimpleCMS =3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php...

CVSS 6.1 · AI score 6.4 · EPSS 0.01298
Exploits: 1

RedhatCVE
added 2025/05/22 3:16 p.m. · 6 views

CVE-2020-18191

GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php...

CVSS 9.1 · AI score 7.1 · EPSS 0.02066
Exploits: 1

RedhatCVE
added 2025/05/22 10:23 a.m. · 10 views

CVE-2019-9915

GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter...

CVSS 6.1 · AI score 6.9 · EPSS 0.03626
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:29 a.m. · 9 views

CVE-2018-19420

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validatesafefile in...

CVSS 4 · AI score 6.5 · EPSS 0.00777
Exploits: 1 · References: 1

Exploit DB
added 2025/04/11 12:00 a.m. · 217 views

GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)

Exploit Title: GetSimpleCMS 3.3.16 - Remote Code Execution (RCE); Date: 2024-10-26; Exploit Author: CodeSecLab; Vendor Homepage: https://github.com/GetSimpleCMS/GetSimpleCMS; Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS; Version: 3.3.16; Tested on: Ubuntu Windows; CVE: CVE-2021-28976; PoC-1...

CVSS 7.2 · AI score 7 · EPSS 0.07548
Exploits: 3

Packet Storm
added 2025/04/11 12:00 a.m. · 159 views

GetSimpleCMS Shell Upload

GetSimple CMS versions prior to 3.3.16 suffer from a remote code execution vulnerability via a PHAR file upload in admin/upload.php. Exploit Title: GetSimpleCMS 2. Write a PHP script to create the .phar file: Use the Phar class in PHP to package the index.php file into a .phar archive. Create a...

CVSS 7.2 · AI score 7.2 · EPSS 0.07548
Exploits: 3

NVD
added 2024/11/12 3:15 p.m. · 20 views

CVE-2024-11125

A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 6.9 · EPSS 0.00367
Exploits: 1 · References: 4

OSV
added 2024/11/12 3:15 p.m. · 5 views

CVE-2024-11125

A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 4.3 · AI score 6.6
Exploits: 0 · References: 4

Vulnrichment
added 2024/11/12 2:31 p.m. · 14 views

CVE-2024-11125 GetSimpleCMS profile.php cross-site request forgery

A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 6.9 · AI score 6.6 · EPSS 0.00367
Exploits: 1 · References: 4

Cvelist
added 2024/11/12 2:31 p.m. · 18 views

CVE-2024-11125 GetSimpleCMS profile.php cross-site request forgery

A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 6.9 · EPSS 0.00367
Exploits: 1 · References: 4

CVE
added 2024/11/12 2:31 p.m. · 52 views

CVE-2024-11125

GetSimpleCMS 3.3.16 is affected by a cross-site request forgery involving the /admin/profile.php endpoint. The issue’s root cause is related to processing in that file, enabling an attacker to perform CSRF remotely. Multiple sources (NVD, RH Red Hat, OSV, CVE records) corroborate the vulnerabilit...

CVSS 6.9 · AI score 4.5 · EPSS 0.00367
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2024/11/12 12:00 a.m. · 4 views

GetSimpleCMS Security Vulnerability

GetSimpleCMS is a content management system open-sourced by an individual developer GetSimpleCMS. A security vulnerability exists in GetSimpleCMS version 3.3.16: processing in the file /admin/profile.php can lead to a cross-site request forgery vulnerability...

CVSS 6.9 · AI score 4.9 · EPSS 0.00367
Exploits: 1 · References: 4

NVD
added 2023/11/17 6:15 p.m. · 15 views

CVE-2023-6188

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

CVSS 9.8 · EPSS 0.00972
Exploits: 1 · References: 4

OSV
added 2023/11/17 6:15 p.m. · 5 views

CVE-2023-6188

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

CVSS 9.8 · AI score 7.4
Exploits: 0 · References: 4

Prion
added 2023/11/17 6:15 p.m. · 19 views

Code injection

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

CVSS 5.8 · AI score 7.8 · EPSS 0.00972
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2023/11/17 5:31 p.m. · 17 views

CVE-2023-6188 GetSimpleCMS theme-edit.php code injection

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

CVSS 5.8 · AI score 10 · EPSS 0.00972
Exploits: 1 · References: 4

Vulnrichment
added 2023/11/17 5:31 p.m. · 10 views

CVE-2023-6188 GetSimpleCMS theme-edit.php code injection

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

CVSS 5.8 · AI score 7.8 · EPSS 0.00972
Exploits: 1 · References: 4

CVE
added 2023/11/17 5:31 p.m. · 89 views

CVE-2023-6188

GetSimpleCMS 3.3.16/3.4.0a exposes a vulnerability in /admin/theme-edit.php allowing code injection. The issue can be triggered remotely; public exploit activity is noted. Mitigation per PT-2023-32557: restrict access to /admin/theme-edit.php or avoid using theme-edit.php until a patch is availab...

CVSS 9.8 · AI score 6.4 · EPSS 0.00972
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2023/11/17 12:00 a.m. · 3 views

PT-2023-32557 · Unknown · Getsimple Cms

Name of the Vulnerable Software and Affected Versions: GetSimpleCMS versions 3.3.16 through 3.4.0a Description: A critical issue affects the processing of the file /admin/theme-edit.php, leading to code injection. The attack can be initiated remotely. Recommendations: For versions 3.3.16 through...

CVSS 9.8 · AI score 6.5 · EPSS 0.00972
Exploits: 1 · References: 8