Filtered by vendor Getsimple-ce
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48492 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-06-04 | N/A | 8.8 HIGH |
| GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to be patched in version 3.3.22. | |||||
| CVE-2024-55086 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-18 | N/A | 7.2 HIGH |
| In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system. | |||||
| CVE-2024-55085 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-17 | N/A | 9.8 CRITICAL |
| GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE. | |||||
| CVE-2024-55088 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-17 | N/A | 8.8 HIGH |
| GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. | |||||