Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2014-8790

Description

XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.

POC

Reference

- http://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html

- http://seclists.org/fulldisclosure/2014/Dec/135

Github

No PoCs found on GitHub currently.