Lucene search

[email protected]NVD:CVE-2014-8790

HistoryJan 20, 2015 - 3:59 p.m.

CVE-2014-8790

2015-01-2015:59:02

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.

Affected configurations

NVD

Node

cagintranetworksgetsimple_cmsMatch3.3.3

cagintranetworksgetsimple_cmsMatch3.3.4

get-simplegetsimple_cmsMatch3.1.1

get-simplegetsimple_cmsMatch3.1.2

get-simplegetsimple_cmsMatch3.2

get-simplegetsimple_cmsMatch3.2.1

get-simplegetsimple_cmsMatch3.2.2

get-simplegetsimple_cmsMatch3.2.3

get-simplegetsimple_cmsMatch3.3.0

get-simplegetsimple_cmsMatch3.3.1

get-simplegetsimple_cmsMatch3.3.2b3

References

get-simple.info/start/changelog/

karmainsecurity.com/KIS-2014-17

packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html

seclists.org/fulldisclosure/2014/Dec/135

github.com/GetSimpleCMS/GetSimpleCMS/issues/944

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for NVD:CVE-2014-8790

prion1 packetstorm1 cvelist1 zdt1 cve1