CVE-2017-8081

HIGH

8.8

CVSS Severity Score

EPSS Score0.1690%

EPSS Percentile15.38th

Published2017年4月30日

Last Modified2026年5月13日

Vulnerability Description

Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.

Affected Platforms (CPE)

📦

Cagintranetworks

Getsimple Cms

= 3.3.13_

References & Advisories

🔗 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1224

相關漏洞威脅

CVE-2019-112319.8

An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of...

CVE-2020-238378.8

A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add ...

CVE-2018-171038.8

An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via a...

CVE-2014-87227.5

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml,...