GetSimple CMS
cpe:2.3:a:get-simple:getsimple_cms:*:*:*:*:*:*:*, +1 more
- <= 3.3.22
A vulnerability exists in GetSimple CMS versions through 3.3.22, allowing unauthenticated attackers to access sensitive files. The issue arises because the CMS relies on .htaccess files to protect directories such as /data/ and /backups/. In environments where Apache AllowOverride is disabled, these protections are ignored. Attackers can exploit this to list and download files, including authorization.xml, which contains cryptographic salts and API keys. This vulnerability is critical and has no available fix.
Exploitation of this vulnerability allows unauthenticated remote attackers to list and download files from the /data/ and /backups/ directories. This includes user XML files, page content, backup archives, and the /data/authorization.xml file, which exposes cryptographic salts and API keys. Such access could lead to further compromises, including credential attacks, content tampering, or abuse of APIs.
The vulnerability can be reproduced by sending requests to the /data/ or /backups/ directories when Apache AllowOverride is disabled. This can be done using an HTTP client or browser, which will successfully access the directories and download files without authentication.
It is recommended to move sensitive directories outside the web root, enforce application-level access controls instead of relying on .htaccess, validate Apache configurations during installation, and add runtime checks to prevent serving sensitive files regardless of server settings.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.