MidnightBSD

Advisories for cagintranetworks

CVE-2014-8790 MEDIUM

XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
get-simple getsimple_cms 3.1.2
get-simple getsimple_cms 3.2.1
get-simple getsimple_cms 3.1.1
get-simple getsimple_cms 3.3.1
cagintranetworks getsimple_cms 3.3.3
cagintranetworks getsimple_cms 3.3.4
get-simple getsimple_cms 3.3.2
get-simple getsimple_cms 3.2
get-simple getsimple_cms 3.2.2
get-simple getsimple_cms 3.2.3
get-simple getsimple_cms 3.3.0
CVE-2017-8081 MEDIUM

Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-338,

Products Affected

Vendor Product Version
cagintranetworks getsimple_cms 3.3.13_