CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.
• https://gist.github.com/NING0121/25498c5326c2590423b26ace38d2cf39
• https://github.com/NING0121/CVE/issues/1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 2

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely.
• https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352
• https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1358
• https://vuldb.com/?ctiid.245735
• https://vuldb.com/?id.245735
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function.
• https://github.com/Num-Nine/CVE/wiki/GetSimplecms-exists-to-store-xss
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to phpinfo().
• https://github.com/Num-Nine/CVE/wiki/A-file-write-vulnerability-exists-in-GetSimpleCMS
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 3% | CPEs: 1 | EXPL: 4

GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. GetSimple CMS version 3.3.16 suffers from a remote shell upload vulnerability.
• https://www.exploit-db.com/exploits/51475
• https://github.com/N3rdyN3xus/CVE-2022-41544
• https://github.com/yosef0x01/CVE-2022-41544
• http://packetstormsecurity.com/files/172553/GetSimple-CMS-3.3.16-Shell-Upload.html
• https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352