GetSimple CMS < 3.3.16 Multiple Vulnerabilities

CVE-2019-9915, CVE-2020-18657, CVE-2020-18658, CVE-2020-18659, CVE-2020-18660, CVE-2020-18191, CVE-2021-28976, CVE-2021-28977

Severity
CVSSv3 Score
4.8
Vulnerability description

GetSimple CMS is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2019-9915: Open redirect via the admin/index.php redirect parameter
- CVE-2020-18191: Directory traversal in /admin/log.php may allow arbitrary file deletion
- CVE-2020-18657: Cross Site Scripting (XSS) in admin/changedata.php via the redirect_url parameter and the headers_sent function
- CVE-2020-18658: XSS via the timezone parameter to settings.php
- CVE-2020-18659: XSS via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
- CVE-2020-18660: Open redirect in admin/changedata.php via the redirect function to the url parameter
- CVE-2021-28976: Remote Code Execution (RCE) in admin/upload.php via phar files
- CVE-2021-28977: XSS in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files

Recommendation

Update to version 3.3.16 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Mar 22, 2019
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available