CyberSec.Space Logo
Back to CVE Browser

CVE-2014-8722

HIGH
7.5
CVSS Severity Score
EPSS Score0.1720%
EPSS Percentile33.69th
PublishedMar 17, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.

Affected Platforms (CPE)

πŸ“¦
Get Simple

Getsimple Cms

= 3.3.4

References & Advisories

πŸ”— http://packetstormsecurity.com/files/162906/GetSimple-CMS-3.3.4-Information-Disclosure.html
πŸ”— http://rossmarks.uk/portfolio.php
πŸ”— http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt
πŸ”— http://packetstormsecurity.com/files/162906/GetSimple-CMS-3.3.4-Information-Disclosure.html
πŸ”— http://rossmarks.uk/portfolio.php
πŸ”— http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt

Related Vulnerabilities

CVE-2019-112319.8

An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of...

CVE-2020-238378.8

A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add ...

CVE-2017-80818.8

Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to es...

CVE-2018-171038.8

An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via a...

CVE-2014-8722 Detail & Impact Analysis | CVSS 7.5 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space