CVE-2018-19421

Name of the Vulnerable Software and Affected Versions GetSimpleCMS version 3.3.15

Description The issue concerns the upload functionality in GetSimpleCMS, where the admin/upload.php blocks uploads of .html files, but Internet Explorer can still render HTML elements in a .eml file. This is due to the admin/upload-uploadify.php and the validate safe file function in admin/inc/security functions.php.

Recommendations For GetSimpleCMS version 3.3.15, consider restricting the upload of .eml files or disabling the upload-uploadify.php functionality until a proper fix is available. Additionally, review and modify the validate safe file function in admin/inc/security functions.php to properly handle file type validation and prevent potential HTML rendering in unauthorized file types.