ID:5576 - Exploit for Information disclosure in GetSimple CMS - CVE-2014-8722

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:5576 - Exploit for Information disclosure in GetSimple CMS - CVE-2014-8722

ID:5576 - Exploit for Information disclosure in GetSimple CMS - CVE-2014-8722

Published: June 17, 2021


Vulnerability identifier: #VU39444
Vulnerability risk: Medium
CVE-ID: CVE-2014-8722
CWE-ID: CWE-200
Exploitation vector: Remote access
Vulnerable software:
GetSimple CMS

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.


Remediation

Install update from vendor's website.