GetSimple CMS CE
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48492 | | | 0.00 | — | 0.01 | | May 30, 2025 | GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE).… |
| CVE-2024-55086 | | | 0.00 | — | 0.00 | | Dec 18, 2024 | In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system. |
| CVE-2024-55085 | | | 0.00 | — | 0.01 | | Dec 16, 2024 | GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE. |
| CVE-2024-11125 | | | 0.00 | — | 0.00 | | Nov 12, 2024 | A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed… |
| CVE-2015-5356 | | | 0.00 | — | 0.02 | | Jul 1, 2015 | Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter. |
| CVE-2015-5355 | | | 0.00 | — | 0.02 | | Jul 1, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php. |