Vulnerabilities > CVE-2014-8790

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
cagintranetworks
get-simple
NVD
Published: 2015-01-20
Updated: 2018-10-30

Summary

XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter. <a href="http://cwe.mitre.org/data/definitions/611.html" target="_blank">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>

Vulnerable Configurations

Part Description Count
Application
Cagintranetworks
2
Application
Get-Simple
9

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/129778/KIS-2014-17.txt
idPACKETSTORM:129778
last seen2016-12-05
published2014-12-31
reporterEgiX
sourcehttps://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html
titleGetSimple CMS 3.3.4 XML External Entity Injection

References