CVSS: 9.8EPSS: 91%CPEs: 1EXPL: 4CVE-2019-11231 – GetSimpleCMS - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11231
16 May 2019 — An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by... • https://packetstorm.news/files/id/152961 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19845
https://notcve.org/view.php?id=CVE-2018-19845
31 Dec 2018 — There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. Hay Cross-Site Scripting (XSS) persistente en la versión 3.3.12 de GetSimple mediante el parámetro "post-menu" en admin/edit.php. Este problema está relacionado con CVE-2018-16325. • https://github.com/security-breachlock/CVE-2018-19845/blob/master/XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •