CVE-2013-10032

HIGH

GetSimpleCMS <3.2.1 - Authenticated RCE

Title source: llm

Description

An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP code, an attacker can bypass blacklist-based restrictions and place executable code within the web root. A crafted request using a polyglot or disguised extension allows the attacker to execute the payload by accessing the file directly via the web server. This vulnerability exists due to the use of a blacklist for filtering file types instead of a whitelist.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Ahmed Elhady Mohamed · textwebappsphp

https://www.exploit-db.com/exploits/25405

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Ahmed Elhady Mohamed · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb

View Code ZIP pw:eip

References (6)

[Product] https://get-simple.info

[Exploit, Third Party Advisory] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb

[Third Party Advisory] https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=27895

[Exploit, VDB Entry] https://www.exploit-db.com/exploits/25405

[Third Party Advisory] https://www.fortiguard.com/encyclopedia/ips/39295

[Third Party Advisory] https://www.vulncheck.com/advisories/getsimple-cms-auth-rce-via-arbitrary-php-file-upload

Scores

CVSS v3 8.8

EPSS 0.6065

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306 CWE-434

Status published

Products (2)

get-simple/getsimplecms 3.2.1

GetSimple CMS Project/GetSimple CMS 3.2.1

Published Jul 25, 2025

Tracked Since Feb 18, 2026