
CVSS: 9.8 • EPSS: 91% • CPEs: 1 • EXPL: 4

16 May 2019 — An issue was discovered in GetSimple CMS through 3.3.15. Insufficient input sanitization in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by... • https://packetstorm.news/files/id/152961 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Mar 2017 — GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. • http://rossmarks.uk/portfolio.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 5% • CPEs: 1 • EXPL: 3

17 Mar 2017 — GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. GetSimple CMS version 3.3.4 suffers from an information dis... • https://packetstorm.news/files/id/162906 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 0% • CPEs: 11 • EXPL: 4

31 Dec 2014 — XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter. GetSimple CMS versions 3.1.1 through 3.3.4 suffer... • https://packetstorm.news/files/id/129778