CVE-2014-8790

Name of the Vulnerable Software and Affected Versions GetSimple CMS versions 3.1.1 through 3.3.x

Description The issue allows remote attackers to read arbitrary files via the data parameter in certain configurations. This is due to an XML external entity (XXE) vulnerability in the admin/api.php file.

Recommendations For versions 3.1.1 through 3.3.x, update to version 3.3.5 Beta 1 or later to resolve the issue.