CyberSec.Space Logo
CVEブラウザに戻る

CVE-2014-8722

HIGH
7.5
CVSS Severity Score
EPSS Score0.1720%
EPSS Percentile33.69th
Published2017年3月17日
Last Modified2026年5月13日

Vulnerability Description

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.

Affected Platforms (CPE)

📦
Get Simple

Getsimple Cms

= 3.3.4

References & Advisories

🔗 http://packetstormsecurity.com/files/162906/GetSimple-CMS-3.3.4-Information-Disclosure.html
🔗 http://rossmarks.uk/portfolio.php
🔗 http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt
🔗 http://packetstormsecurity.com/files/162906/GetSimple-CMS-3.3.4-Information-Disclosure.html
🔗 http://rossmarks.uk/portfolio.php
🔗 http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt

関連する脆弱性情報

CVE-2019-112319.8

An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of...

CVE-2020-238378.8

A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add ...

CVE-2017-80818.8

Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to es...

CVE-2018-171038.8

An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via a...