PT-2024-36473 · Unknown · Getsimple Cms

Published: 2024-12-16 · Updated: 2024-12-17 · CVE-2024-55085

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GetSimple CMS CE version 3.3.19

Description

The issue concerns arbitrary code execution in the template editing function within the background management system. An attacker can exploit it to achieve remote code execution (RCE).

Recommendations

For GetSimple CMS CE version 3.3.19, as a temporary workaround, consider disabling the template editing feature in the background management system until a patch is available. Restrict access to the template editing function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2024-55085

Affected Products

Getsimple Cms