Sensitive Information Disclosure in GetSimple CMS 3.3.4

Sensitive Information Disclosure in GetSimple CMS 3.3.4

CVE-2014-8722 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.

Learn more about our Cms Pen Testing.