8 matches found
CVE-2022-41544
GetSimple CMS v3.3.16 was discovered to contain a remote code execution RCE vulnerability via the editedfile parameter in admin/theme-edit.php...
CVE-2022-41544
GetSimple CMS v3.3.16 was discovered to contain a remote code execution RCE vulnerability via the editedfile parameter in admin/theme-edit.php...
CVE-2022-41544
Summary: CVE-2022-41544 affects GetSimple CMS 3.3.16 and earlier. The vulnerability enables remote code execution via the theme editor (admin/theme-edit.php), with proven exploitation paths that upload and execute PHP shells. Public PoCs and exploits exist (GitHub scripts and a PacketsStorm write...
CVE-2022-41544
GetSimple CMS v3.3.16 was discovered to contain a remote code execution RCE vulnerability via the editedfile parameter in admin/theme-edit.php...
CVE-2019-16333
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting XSS in admin/theme-edit.php...
CVE-2019-16333
GetSimple CMS v3.3.15 is affected by a persistent Cross-Site Scripting (XSS) vulnerability in admin/theme-edit.php. The CVE description and connected sources (NVD/NVD mirrors, OpenVAS entry, and related advisories) consistently identify GetSimple CMS 3.3.15 as vulnerable to XSS in that admin page...
CVE-2019-16333
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting XSS in admin/theme-edit.php...
CVE-2019-11231
An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content PHP code, for example. This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to th...