Cagintranetworks : Security Vulnerabilities, CVEs,
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.
Max CVSS
8.8
EPSS Score
0.19%
Published
2017-04-30
Updated
2019-10-03
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
Max CVSS
5.0
EPSS Score
0.81%
Published
2015-01-20
Updated
2018-10-30
2 vulnerabilities found