CVE-2014-8790
N/A
N/A
Summary
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://seclists.org/fulldisclosure/2014/Dec/135
- http://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html
- http://get-simple.info/start/changelog/
- http://karmainsecurity.com/KIS-2014-17
- https://github.com/GetSimpleCMS/GetSimpleCMS/issues/944
References
- http://seclists.org/fulldisclosure/2014/Dec/135
- http://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html
- http://get-simple.info/start/changelog/
- http://karmainsecurity.com/KIS-2014-17
- https://github.com/GetSimpleCMS/GetSimpleCMS/issues/944
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.