Vulnerabilities > CVE-2014-8790

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/129778/KIS-2014-17.txt
idPACKETSTORM:129778
last seen2016-12-05
published2014-12-31
reporterEgiX
sourcehttps://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html
titleGetSimple CMS 3.3.4 XML External Entity Injection