CVE-2024-55085

Published: Dec 16, 2024Modified: Apr 17, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.

Affected (1)

Products: Getsimple Ce: Getsimple Cms

Getsimple Ce

1 product

Getsimple Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Getsimple Ce Getsimple Cms	Version 3.3.19

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://getsimple-ce.ovh/

Source: cve@mitre.org

Product

https://tasteful-stamp-da4.notion.site/CVE-2024-55085-15b1e0f227cb80a5aee6faeb820bf7e6

Source: cve@mitre.org

Broken Link

Timeline

No history available yet.