Description
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735.
References (4)
Core 4
Core References
Third Party Advisory vdb-entry
https://vuldb.com/?id.245735
Permissions Required signature
permissions-required
https://vuldb.com/?ctiid.245735
Exploit exploit
issue-tracking
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1358
Exploit issue-tracking
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352
Scores
CVSS v3
4.7
EPSS
0.0097
EPSS Percentile
57.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (2)
get-simple/getsimplecms
3.3.16
get-simple/getsimplecms
3.4.0a
Published
Nov 17, 2023
Tracked Since
Feb 18, 2026