GetSimple CMS
cpe:2.3:a:get-simple:getsimple_cms:*:*:*:*:*:*:*, +1 more
- 3.3.22
A vulnerability allowing arbitrary file reads has been identified in all versions of GetSimple CMS, specifically within the Uploaded Files feature. At the time of publication, this issue had not been addressed.
Exploitation of this vulnerability leads to unauthorized access to the system's core confidential data, causing a significant security breach.
To reproduce this vulnerability, upload a file through the application's file upload feature. Once the file is uploaded, navigate to the file's URL within the 'data/uploads' directory. The uploaded file can be accessed directly, bypassing any intended restrictions.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.