EIP-2026-107391

PRE-CVE

Getsimple CMS 2.01 < 2.02 - Administrative Credentials Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107391. PoCs published by Michael Brooks.

AI-analyzed exploit summary This writeup details an information disclosure vulnerability in GetSimple CMS versions 2.01 and 2.02, where administrative credentials and other sensitive data are stored in unprotected XML files. The researcher explains the lack of access controls and the triviality of cracking the SHA1 password hashes.

Description

Getsimple CMS 2.01 < 2.02 - Administrative Credentials Disclosure

Exploits (1)

exploitdb WRITEUP

by Michael Brooks · textwebappsphp

https://www.exploit-db.com/exploits/15605

View Code ZIP pw:eip

This writeup details an information disclosure vulnerability in GetSimple CMS versions 2.01 and 2.02, where administrative credentials and other sensitive data are stored in unprotected XML files. The researcher explains the lack of access controls and the triviality of cracking the SHA1 password hashes.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: GetSimple CMS 2.01, 2.02

No auth needed

Prerequisites: Access to the target's /data/ directory

MITRE ATT&CK

T1552 - Unsecured Credentials T1087 - Account Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026