Full Disclosure

[KIS-2014-17] GetSimple CMS <= 3.3.4 (api.php) XML External Entity Vulnerability

December 31, 2014 007admin Leave a comment

Posted by Egidio Romano on Dec 31

——————————————————————
GetSimple CMS <= 3.3.4 (api.php) XML External Entity Vulnerability
——————————————————————

[-] Software Link:

http://get-simple.info/

[-] Affected Versions:

All versions from 3.1.1 to 3.3.4.

[-] Vulnerability Description:

The vulnerable code is located in the /admin/api.php script:

22. #step 2 – setup request
23. $in…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information