Vulnerabilities > CVE-2025-48492 - Unspecified vulnerability in Getsimple-Ce Getsimple CMS

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

getsimple-ce

NVD

Published: 2025-05-30

Updated: 2025-06-04

Summary

GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to be patched in version 3.3.22.

Vulnerable Configurations

Part	Description	Count
Application	Getsimple-Ce Getsimple CE Getsimple CMS *	1

References

https://github.com/GetSimpleCMS-CE/GetSimpleCMS-CE/security/advisories/GHSA-g435-p72m-p582
https://github.com/GetSimpleCMS-CE/GetSimpleCMS-CE/security/advisories/GHSA-g435-p72m-p582