VYPR

Getsimplecms Ce

by Getsimplecms Ce

CVEs (46)

  • CVE-2025-48492May 30, 2025
    risk 0.00cvss epss 0.01

    GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE).…

  • CVE-2024-55086Dec 18, 2024
    risk 0.00cvss epss 0.00

    In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system.

  • CVE-2024-55085Dec 16, 2024
    risk 0.00cvss epss 0.01

    GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.

  • CVE-2024-11125Nov 12, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed…

  • CVE-2015-5356Jul 1, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.

  • CVE-2015-5355Jul 1, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.

Page 3 of 3