Описание
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-8790
- https://github.com/GetSimpleCMS/GetSimpleCMS/issues/944
- http://get-simple.info/start/changelog
- http://karmainsecurity.com/KIS-2014-17
- http://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html
- http://seclists.org/fulldisclosure/2014/Dec/135
EPSS
Процентиль: 70%
0.00657
Низкий
CVE ID
Связанные уязвимости
nvd
около 11 лет назад
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
EPSS
Процентиль: 70%
0.00657
Низкий