Vulnerabilities > CVE-2014-8790
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
Application | 9 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/129778/KIS-2014-17.txt |
id | PACKETSTORM:129778 |
last seen | 2016-12-05 |
published | 2014-12-31 |
reporter | EgiX |
source | https://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html |
title | GetSimple CMS 3.3.4 XML External Entity Injection |
References
- http://get-simple.info/start/changelog/
- http://get-simple.info/start/changelog/
- http://karmainsecurity.com/KIS-2014-17
- http://karmainsecurity.com/KIS-2014-17
- http://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html
- http://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html
- http://seclists.org/fulldisclosure/2014/Dec/135
- http://seclists.org/fulldisclosure/2014/Dec/135
- https://github.com/GetSimpleCMS/GetSimpleCMS/issues/944
- https://github.com/GetSimpleCMS/GetSimpleCMS/issues/944