vendor:
GetSimple CMS
by:
Unknown
7.5
CVSS
HIGH
Arbitrary File Upload
434
CWE
Product Name: GetSimple CMS
Affected Version From: 02.03
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:getsimple_cms:getsimple_cms:2.03
Platforms Tested:
Unknown
Arbitrary File Upload in GetSimple CMS
The GetSimple CMS is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
Mitigation:
To mitigate this vulnerability, it is recommended to update to the latest version of GetSimple CMS and implement proper input validation and sanitization.