CVE-2019-11231

Name of the Vulnerable Software and Affected Versions GetSimple CMS versions 3.3.15 and earlier

Description The issue is related to insufficient input sanitation in the theme-edit.php file, allowing the upload of files with arbitrary content, such as PHP code. This can be triggered by an authenticated user, but authentication can be bypassed. The vulnerability can lead to data exposure, including hashed passwords, which can be bypassed. An attacker can target the session state by exploiting the custom implementation. The cookie name can be crafted using leaked information from the frontend, such as site name and version. If the API key and admin username are leaked, authentication can be bypassed by supplying a cookie based on an SHA-1 computation of this known information.

Recommendations For GetSimple CMS versions 3.3.15 and earlier, consider disabling the theme-edit.php file until a patch is available to prevent the upload of malicious files. Restrict access to the admin/theme-edit.php file to minimize the risk of exploitation. Avoid using the cookie name parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.