CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-8722

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.338

EPSS Ranking 96.8%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://packetstormsecurity.com/files/162906/GetSimple-CMS-3.3.4-Information-Disclosure.html
http://rossmarks.uk/portfolio.php
http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt
http://packetstormsecurity.com/files/162906/GetSimple-CMS-3.3.4-Information-Disclosure.html
http://rossmarks.uk/portfolio.php
http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt

Products affected by CVE-2014-8722

Get-Simple » Getsimple Cms » Version: 3.3.4

cpe:2.3:a:get-simple:getsimple_cms:3.3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-8722

Products

Pricing

Contact Us