
Getsimple-Ce Getsimple Cms vulnerabilities

10 known vulnerabilities affecting getsimple-ce/getsimple_cms.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 3

Vulnerabilities

CVE-2025-48492 | P2 | HIGH | CVSS 8.8 | Affected: ≥ 3.3.16, < 3.3.22 | 2025-05-30
CVE-2025-48492 [HIGH] CWE-77: GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to be patched in version 3.3.22.
Source: nvd
CVE-2026-28495 | P3 | HIGH | CVSS 8.8 | Affected: ≤ 3.3.22 | 2026-03-10
CVE-2026-28495 [HIGH] CWE-352: GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling a remote unauthenticated attacker to exploit this via
Source: nvd
CVE-2024-55085 | P3 | CRITICAL | CVSS 9.8 | Affected: v3.3.19 | 2024-12-16
CVE-2024-55085 [CRITICAL] CWE-94: GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.
Source: nvd
CVE-2026-27161 | P3 | HIGH | CVSS 7.5 | Affected: ≤ 3.3.22 | 2026-02-21
CVE-2026-27161 [HIGH] CWE-200: GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently ignored, allowing unauthenticated attackers to list and down
Source: nvd
CVE-2026-27202 | P3 | HIGH | CVSS 7.5 | Affected: v3.3.22 | 2026-02-21
CVE-2026-27202 [HIGH] CWE-22: GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.
Source: nvd
CVE-2024-55088 | P3 | HIGH | CVSS 8.8 | Affected: v3.3.19 | 2024-12-18
CVE-2024-55088 [HIGH] CWE-352: GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module.
Source: nvd
CVE-2024-55086 | P3 | HIGH | CVSS 7.2 | Affected: v3.3.19 | 2024-12-18
CVE-2024-55086 [HIGH] CWE-918: In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system.
Source: nvd
CVE-2026-27147 | P4 | MEDIUM | CVSS 5.4 | Affected: ≤ 3.3.22 | 2026-02-21
CVE-2026-27147 [MEDIUM] CWE-79: GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed malicious JavaScript. When the uploaded SVG file is accessed,
Source: nvd
CVE-2026-27146 | P4 | MEDIUM | CVSS 4.5 | Affected: ≤ 3.3.22 | 2026-02-21
CVE-2026-27146 [MEDIUM] CWE-352: GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim's browser. The request is accepted without requiring a CSRF token or
Source: nvd
CVE-2026-26351 | P4 | MEDIUM | CVSS 4.8 | Affected: ≥ 3.3.16, < 3.3.22 | 2026-02-24
CVE-2026-26351 [MEDIUM] CWE-79: GetSimpleCMS Community Edition (CE) versions prior to 3.3.22 (3.3.16 tested) contains a stored cross-site scripting (XSS) vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encoding. While other fields are sanitized using safe_sl
Source: nvd