First published: Wed Jun 23 2021(Updated: )
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Get-simple Getsimplecms | <=3.3.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-18660 is a vulnerability in GetSimpleCMS <=3.3.15 that allows an attacker to redirect users to malicious websites.
CVE-2020-18660 has a severity rating of 6.1 (medium).
CVE-2020-18660 affects GetSimpleCMS versions up to and including 3.3.15.
The open redirect vulnerability in GetSimpleCMS can be exploited through the redirect function in the admin/changedata.php file by manipulating the url parameter.
Yes, upgrading GetSimpleCMS to version 3.3.16 or later fixes the open redirect vulnerability.