Getsimple · Getsimple Cms · CVE-2014-8790
**Name of the Vulnerable Software and Affected Versions**
GetSimple CMS versions 3.1.1 through 3.3.x
**Description**
The issue allows remote attackers to read arbitrary files via the `data` parameter in certain configurations. This is due to an XML external entity (XXE) vulnerability in the admin/api.php file.
**Recommendations**
For versions 3.1.1 through 3.3.x, update to version 3.3.5 Beta 1 or later to resolve the issue.