CVE-2024-11125: GetSimpleCMS profile.php cross-site request forgery
First published: Tue Nov 12 2024(Updated: )
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Getsimple CMS | =3.3.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11125?
CVE-2024-11125 is classified as a problematic vulnerability due to its impact on cross-site request forgery.
How do I fix CVE-2024-11125?
To fix CVE-2024-11125, update GetSimpleCMS to the latest version that addresses this vulnerability.
What is affected by CVE-2024-11125?
CVE-2024-11125 specifically affects GetSimpleCMS version 3.3.16.
Can CVE-2024-11125 be exploited remotely?
Yes, CVE-2024-11125 can be exploited remotely through cross-site request forgery.
What file is associated with CVE-2024-11125 vulnerability?
The CVE-2024-11125 vulnerability is associated with the /admin/profile.php file in GetSimpleCMS.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/get-simple
- canonical/getsimple cms
- version/getsimple cms/3.3.16