CVE-2014-8790
GetSimple CMS 3.1.1-3.3.x - XML External Entity Injection via admin/api.php Data Parameter
Title source: llmDescription
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
References (5)
Core 5
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Dec/135
Exploit x_refsource_misc
http://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html
Various Sources x_refsource_confirm
http://get-simple.info/start/changelog/
Exploit x_refsource_misc
http://karmainsecurity.com/KIS-2014-17
Issue Tracking x_refsource_confirm
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/944
Scores
EPSS
0.0254
EPSS Percentile
83.1%
Details
Status
published
Products (11)
cagintranetworks/getsimple_cms
3.3.3
cagintranetworks/getsimple_cms
3.3.4
get-simple/getsimple_cms
3.1.1
get-simple/getsimple_cms
3.1.2
get-simple/getsimple_cms
3.2
get-simple/getsimple_cms
3.2.1
get-simple/getsimple_cms
3.2.2
get-simple/getsimple_cms
3.2.3
get-simple/getsimple_cms
3.3.0
get-simple/getsimple_cms
3.3.1
... and 1 more
Published
Jan 20, 2015
Tracked Since
Feb 18, 2026