CVE-2020-18191
Published 2020-10-02
CVE-2020-18191: GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php
Priority: P352 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 2.07% (79.0th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| get-simple | getsimplecms | — | — |
| openstack | nova | >= 0 < 2:17.0.13-0ubuntu5.3 | 2:17.0.13-0ubuntu5.3 |
| openstack | nova | >= 0 < 2:21.2.4-0ubuntu2.2 | 2:21.2.4-0ubuntu2.2 |
| openstack | nova | >= 0 < 2:13.1.4-0ubuntu4.5+esm1 | 2:13.1.4-0ubuntu4.5+esm1 |
CVSS provenance
nvd · v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvd · v2.0 · 6.4 MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:P
osv · 3.3 LOW
OSV
nova vulnerabilities
osv·2023-02-13·CVSS 3.3
CVE-2015-9543 nova vulnerabilities
It was discovered that Nova did not properly manage data logged into the
log file. An attacker with read access to the service's logs could exploit
this issue and may obtain sensitive information. This issue only affected
Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2015-9543)
It was discovered that Nova did not properly handle attaching and
reattaching the encrypted volume. An attacker could possibly use this issue
to perform a denial of service attack. This issue only affected Ubuntu
16.04 ESM. (CVE-2017-18191)
It was discovered that Nova did not properly handle updating the domain
XML after live migration. An attacker could possibly use this issue to
corrupt the volume or perform a denial of service attack. This issue only
affected Ubuntu 18.04 LTS. (CVE-2020-1
GHSA
GHSA-fmh7-q99m-6pp3: GetSimpleCMS-3
ghsa_unreviewed·2022-05-24
CVE-2020-18191 [CRITICAL] GHSA-fmh7-q99m-6pp3: GetSimpleCMS-3
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.