Get-simple

Getsimplecms

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2021-47870

Exploit
  • EPSS 0.09%
  • Veröffentlicht 21.01.2026 17:32:09
  • Zuletzt bearbeitet 06.03.2026 20:10:06

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex by...

4.3

CVE-2021-47860

Exploit
  • EPSS 0.09%
  • Veröffentlicht 21.01.2026 17:29:56
  • Zuletzt bearbeitet 06.03.2026 20:10:32

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cro...

7.2

CVE-2021-47778

Exploit
  • EPSS 1.11%
  • Veröffentlicht 21.01.2026 17:29:48
  • Zuletzt bearbeitet 06.03.2026 20:15:55

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.

6.5

CVE-2021-47830

Exploit
  • EPSS 0.09%
  • Veröffentlicht 21.01.2026 17:27:34
  • Zuletzt bearbeitet 06.03.2026 20:15:23

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin....

8.8

CVE-2013-10032

Exploit
  • EPSS 60.65%
  • Veröffentlicht 25.07.2025 16:15:24
  • Zuletzt bearbeitet 23.09.2025 23:44:07

An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading ...

4.3

CVE-2024-11125

Exploit
  • EPSS 0.19%
  • Veröffentlicht 12.11.2024 15:15:06
  • Zuletzt bearbeitet 15.11.2024 23:01:32

A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The...

5.4

CVE-2023-51246

  • EPSS 0.2%
  • Veröffentlicht 08.01.2024 20:15:44
  • Zuletzt bearbeitet 16.06.2025 19:15:25

A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.

9.8

CVE-2023-6188

Exploit
  • EPSS 0.12%
  • Veröffentlicht 17.11.2023 18:15:07
  • Zuletzt bearbeitet 21.11.2024 08:43:19

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The ...

5.4

CVE-2023-46040

Exploit
  • EPSS 0.22%
  • Veröffentlicht 31.10.2023 02:15:08
  • Zuletzt bearbeitet 21.11.2024 08:27:47

Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function.

9.8

CVE-2023-46042

Exploit
  • EPSS 68.24%
  • Veröffentlicht 19.10.2023 15:15:09
  • Zuletzt bearbeitet 21.11.2024 08:27:47

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().