GetSimple CMS Arbitrary File Read Vulnerability in Uploaded Files Feature

Vulnerability

A vulnerability allowing arbitrary file reads has been identified in all versions of GetSimple CMS, specifically within the Uploaded Files feature. At the time of publication, this issue had not been addressed.

Impact

Exploitation of this vulnerability leads to unauthorized access to the system's core confidential data, causing a significant security breach.

Reproduction

To reproduce this vulnerability, upload a file through the application's file upload feature. Once the file is uploaded, navigate to the file's URL within the 'data/uploads' directory. The uploaded file can be accessed directly, bypassing any intended restrictions.

Added: Feb 21, 2026, 12:17 AM
Updated: Feb 21, 2026, 12:17 AM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
2.5
exploitability
9.7
remediation
0.0
relevance
2.0
threat
6.4
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.