Summary
This host is running GetSimple CMS and is prone to an administrative credentials disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain sensitive information.
Impact Level: Application.
Solution
Apply the patch or upgrade to GetSimple CMS 2.03 or later. For updates refer to http://get-simple.info/download/
Insight
GetSimple does not use a SQL database. Instead it stores its data in '.xml' files located at '/GetSimple/data'. The administrator's username and password hash can be obtained by navigating to the '/data/other/user.xml' file.
Affected
GetSimple CMS 2.01 and 2.02
References
Updated on 2015-03-25
Severity
Classification
- CVSS Base Score: 7.5
  AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AjaXplorer zoho plugin Directory Traversal Vulnerability
- Advantech WebAccess Multiple Vulnerabilities
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-01 May-2014