Getsimple-Ce: Security Vulnerabilities
GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to be patched in version 3.3.22.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-05-30
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-12-18
In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-12-18
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-12-16