GetSimple CMS Administrative Credentials Disclosure Vulnerability Network Vulnerability

Summary

This host is running GetSimple CMS and is prone to administrative credentials disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to obtain sensitive information. Impact Level: Application.

Solution

Apply the patch or upagrade to GetSimple CMS 2.03 or later, For updates refer to http://get-simple.info/download/

Insight

GetSimple does not use a SQL Database. Instead it uses a '.xml' files located at '/GetSimple/data'. The administrators username and password hash can be obtained by navigating to the '/data/other/user.xml' xml file.

Affected

GetSimple CMS 2.01 and 2.02

References

http://www.exploit-db.com/exploits/15605/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
ArticleFR CMS 'id' Parameter SQL Injection Vulnerability
Avenger's News System Command Execution

Take action and discover your vulnerabilities