GetSimple CMS Unauthenticated Information Disclosure Vulnerability via .htaccess Dependence in Sensitive Directories

Vulnerability

A vulnerability exists in GetSimple CMS versions through 3.3.22, allowing unauthenticated attackers to access sensitive files. The issue arises because the CMS relies on .htaccess files to protect directories such as /data/ and /backups/. In environments where Apache AllowOverride is disabled, these protections are ignored. Attackers can exploit this to list and download files, including authorization.xml, which contains cryptographic salts and API keys. This vulnerability is critical and has no available fix.

Impact

Exploitation of this vulnerability allows unauthenticated remote attackers to list and download files from the /data/ and /backups/ directories. This includes user XML files, page content, backup archives, and the /data/authorization.xml file, which exposes cryptographic salts and API keys. Such access could lead to further compromises, including credential attacks, content tampering, or abuse of APIs.

Reproduction

The vulnerability can be reproduced by sending requests to the /data/ or /backups/ directories when Apache AllowOverride is disabled. This can be done using an HTTP client or browser, which will successfully access the directories and download files without authentication.

Remediation

It is recommended to move sensitive directories outside the web root, enforce application-level access controls instead of relying on .htaccess, validate Apache configurations during installation, and add runtime checks to prevent serving sensitive files regardless of server settings.

Added: Feb 21, 2026, 12:19 AM
Updated: Feb 21, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
2.5
exploitability
9.7
remediation
8.3
relevance
2.0
threat
6.4
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.