CVSS: 9.8EPSS: 55%CPEs: 1EXPL: 3CVE-2019-11231 – GetSimpleCMS - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11231
An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by default no longer enables the AllowOverride directive, leading to data/users/admin.xml password exposure. The passwords are hashed but this can be bypassed by starting with the data/other/authorization.xml API key. • https://www.exploit-db.com/exploits/46880 http://packetstormsecurity.com/files/152961/GetSimpleCMS-3.3.15-Remote-Code-Execution.html https://ssd-disclosure.com/?p=3899&preview=true https://ssd-disclosure.com/archives/3899/ssd-advisory-getcms-unauthenticated-remote-code-execution • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19845
https://notcve.org/view.php?id=CVE-2018-19845
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. Hay Cross-Site Scripting (XSS) persistente en la versión 3.3.12 de GetSimple mediante el parámetro "post-menu" en admin/edit.php. Este problema está relacionado con CVE-2018-16325. • https://github.com/security-breachlock/CVE-2018-19845/blob/master/XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19420
https://notcve.org/view.php?id=CVE-2018-19420
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. En GetSimpleCMS 3.3.15, admin/upload.php bloquea las subidas de .html, pero hay varios casos alternativos en los que se puede ejecutar HTML, como con un archivo sin extensión o con una extensión desconocida (como, por ejemplo, los nombres de archivo test o test.asdf). Esto se debe a admin/upload-uploadify.php y a validate_safe_file en admin/inc/security_functions.php. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1301 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19421
https://notcve.org/view.php?id=CVE-2018-19421
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. En GetSimpleCMS 3.3.15, admin/upload.php bloquea las subidas de .html, pero Internet Explorer renderiza los elementos HTML en un archivo .eml. Esto se debe a admin/upload-uploadify.php y validate_safe_file en admin/inc/security_functions.php. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1301 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17835
https://notcve.org/view.php?id=CVE-2018-17835
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. Se ha descubierto un problema en GetSimple CMS 3.3.15. Un administrador puede insertar Cross-Site Scripting (XSS) persistente mediante el parámetro Custom Permalink Structure en admin/settings.php, lo que inyecta la carga útil de XSS en cualquier página creada en el URI admin/pages.php. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •