Vulnerabilities (CVE)

Filtered by vendor Get-simple
Filtered by product Getsimple Cms
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2014-8722 | 1 Get-simple | 1 Getsimple Cms | 2021-06-02 | 5.0 MEDIUM | 7.5 HIGH | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. |
| CVE-2018-17103 | 1 Get-simple | 1 Getsimple Cms | 2018-11-28 | 6.8 MEDIUM | 8.8 HIGH | ** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter. |