- Vulnerability: XSS, Code Execution, DoS, Password Leak, Weak Authentication, Misc
- Affected Software: GetSimple CMS
- Affected Version: 3.3.5 (probably also prior versions)
- Partially Patched Version: 3.3.6
- Risk: Medium-High
- Vendor Contacted: 2015-06-14
- Vendor Partial Fix: 2015-07-14
- Public Disclosure: 2015-07-15

GetSimple CMS is a content management system written in PHP. It stores its data in XML files rather than in a database.
There are various vulnerabilities in version 3.3.5, most of which are fixed in version 3.3.6.
For version 3.3.6, it is important that the .htaccess file of GetSimple CMS can be read by the server; otherwise passwords and other sensitive information will be disclosed. The functionality of the website itself is not affected by an unread .htaccess file, so the problem might go unnoticed.
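
A check for the silent failure described above, as an added example that is not part of the advisory or of GetSimple CMS: it requests XML data files from your own installation and reports any that the server hands out. The base URL and the file paths are supplied by the operator (the advisory does not list them), and treating a 200 response that begins with `<?xml` as exposure is an assumption of this sketch.

```python
import sys
import urllib.error
import urllib.request

def http_fetch(url, timeout=5):
    """GET url and return (status, first 512 body bytes). HTTP error statuses
    are returned, not raised; connection failures still raise URLError."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(512)
    except urllib.error.HTTPError as err:
        return err.code, b""

def classify(status, body):
    """Judge one response for a file that should never be served."""
    if status != 200:
        return "not-served"          # 403/404 etc.: the deny rule is in effect
    head = body.lstrip(b"\xef\xbb\xbf \t\r\n")   # skip BOM and whitespace
    if head.startswith(b"<?xml"):
        return "EXPOSED"             # raw XML data file came back
    return "review"                  # 200 with other content, e.g. a soft error page

def audit(base_url, paths, fetch=http_fetch):
    """Return {path: verdict} for each data-file path under base_url."""
    results = {}
    for path in paths:
        url = base_url.rstrip("/") + "/" + path.lstrip("/")
        results[path] = classify(*fetch(url))
    return results

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check.py BASE_URL DATA_FILE_PATH [DATA_FILE_PATH ...]")
    verdicts = audit(sys.argv[1], sys.argv[2:])
    for path, verdict in verdicts.items():
        print(f"{verdict:10} {path}")
    # Non-zero exit so the check can fail a deployment or monitoring job.
    sys.exit(1 if "EXPOSED" in verdicts.values() else 0)
```

Run it from outside the server after every deployment or web server configuration change, because the site keeps working normally when the protection is missing.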