GetSimple CMS Administrative Credentials Disclosure Vulnerability Network Vulnerability

Summary

This host is running GetSimple CMS and is prone to administrative credentials disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to obtain sensitive information. Impact Level: Application.

Solution

Apply the patch or upagrade to GetSimple CMS 2.03 or later, For updates refer to http://get-simple.info/download/

Insight

GetSimple does not use a SQL Database. Instead it uses a '.xml' files located at '/GetSimple/data'. The administrators username and password hash can be obtained by navigating to the '/data/other/user.xml' xml file.

Affected

GetSimple CMS 2.01 and 2.02

References

http://www.exploit-db.com/exploits/15605/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
ATutor < 1.5.1-pl1 Multiple Flaws
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Acidcat CMS Multiple Vulnerabilities

Take action and discover your vulnerabilities