Cagintranetworks Getsimple Cms vulnerabilities
2 known vulnerabilities affecting cagintranetworks/getsimple_cms.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2017-8081P3HIGHCVSS 8.8v3.3.13_2017-04-30
CVE-2017-8081 [HIGH] CWE-338 CVE-2017-8081: Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 a
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.
nvd
CVE-2014-8790P4MEDIUMCVSS 5.0v3.3.3v3.3.42015-01-20
CVE-2014-8790 [MEDIUM] CVE-2014-8790: XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
nvd