
GetSimple CMS < 3.3.16 Multiple Vulnerabilities

CVE-2019-9915, CVE-2020-18657, CVE-2020-18658, CVE-2020-18659, CVE-2020-18660, CVE-2020-18191, CVE-2021-28976, CVE-2021-28977

CVSSv3 Score
Vulnerability description

GetSimple CMS is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2019-9915: Open redirect via the admin/index.php redirect parameter
- CVE-2020-18191: Directory traversal in /admin/log.php may allow arbitrary file deletion
- CVE-2020-18657: Cross Site Scripting (XSS) in admin/changedata.php via the redirect_url parameter and the headers_sent function
- CVE-2020-18658: XSS via the timezone parameter to settings.php
- CVE-2020-18659: XSS via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
- CVE-2020-18660: Open redirect in admin/changedata.php via the redirect function to the url parameter
- CVE-2021-28976: Remote Code Execution (RCE) in admin/upload.php via phar files
- CVE-2021-28977: XSS in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files


Update to version 3.3.16 or later.

Not available
Detectable with: Network Scanner
Scan engine
Exploitable with Sniper
CVE Published: Mar 22, 2019
Detection added at
Software Type
Not available
Not available
Not available