Get-simple Getsimplecms — known CVE vulnerabilities
Every CVE whose affected-product data names Get-simple Getsimplecms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2023-46042 — CVSS 9.8 (critical): An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().
CVE-2020-18191 — CVSS 9.1 (critical): GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/l…
CVE-2013-10032 — CVSS 8.8 (high): An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows…
CVE-2021-47778 — CVSS 7.2 (high): GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary…
CVE-2021-28976 — CVSS 7.2 (high): Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.
CVE-2021-47830 — CVSS 6.5 (medium): GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious…
CVE-2020-18660 — CVSS 6.1 (medium): GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
CVE-2020-18659 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
CVE-2021-36601 — CVSS 6.1 (medium): GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL…
CVE-2020-18657 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the…
CVE-2020-18658 — CVSS 6.1 (medium): Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.
CVE-2023-46040 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to…
CVE-2023-51246 — CVSS 5.4 (medium): A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via…
CVE-2020-20391 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.
CVE-2020-21353 — CVSS 5.4 (medium): A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web…
CVE-2021-47870 — CVSS 5.4 (medium): GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize…
CVE-2021-47860 — CVSS 5.3 (medium): GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject…
CVE-2021-28977 — CVSS 4.8 (medium): Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information…
CVE-2023-6188 — CVSS 4.7 (medium): A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the…
CVE-2024-11125 — CVSS 4.3 (medium): A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file…