CVE-2018-17103

HIGH

8.8

CVSS Severity Score

EPSS Score0.0930%

EPSS Percentile41.78th

PublishedSep 16, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter

Affected Platforms (CPE)

📦

Get Simple

Getsimple Cms

= 3.3.13

References & Advisories

🔗 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1295

Related Vulnerabilities

CVE-2019-112319.8

An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of...

CVE-2020-238378.8

A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add ...

CVE-2017-80818.8

Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to es...

CVE-2014-87227.5

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml,...