CVE-2025-48492

High CVSS: 8.6

GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to be patched in version 3.3.22.

Vendor

Getsimple-ce

Product

Getsimple Cms

CWE

CWE-77

Yayın Tarihi

2025-05-30 07:15:23

Güncelleme

2025-06-04 19:56:47

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-77 Getsimple Cms HIGH Getsimple-ce 2025

Referanslar

https://github.com/GetSimpleCMS-CE/GetSimpleCMS-CE/security/advisories/GHSA-g435-p72m-p582 https://github.com/GetSimpleCMS-CE/GetSimpleCMS-CE/security/advisories/GHSA-g435-p72m-p582

Benzer Kayıtlar

Critical

CVE-2026-28495

GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allo…

Medium

CVE-2026-26351

GetSimpleCMS Community Edition (CE) version 3.3.16 contains a stored cross-site scripting (XSS) vulnerability in the The…

High

CVE-2026-27202

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature th…

High

CVE-2026-27146

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the admi…

Medium

CVE-2026-27147

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploa…

High

CVE-2026-27161

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access t…