PT-2022-25928 · Unknown · GetSimple CMS

Picklerbox · Published 2022-10-18 · Updated 2025-05-13 · CVE-2022-41544

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GetSimple CMS version 3.3.16

Description

GetSimple CMS version 3.3.16 contains a remote code execution (RCE) vulnerability. It can be exploited via the edited_file parameter in the admin/theme-edit.php file.

Recommendations

For GetSimple CMS version 3.3.16, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the admin/theme-edit.php file to minimize the risk of exploitation. Avoid using the edited_file parameter in the affected file until the issue is resolved.

Exploit · Fix · RCE · Code Injection


Weakness Enumeration

Related Identifiers: CVE-2022-41544

Affected Products: GetSimple CMS