Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories
Vulnerability Description
GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently ignored, allowing unauthenticated attackers to list and download sensitive files including authorization.xml, which contains cryptographic salts and API keys. This issue does not have a fix at the time of publication.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
GetSimple CMS 信息泄露漏洞
Vulnerability Description
GetSimple CMS是GetSimple CMS开源的一个内容管理系统。 GetSimple CMS存在信息泄露漏洞,该漏洞源于依赖.htaccess文件限制敏感目录访问,当Apache AllowOverride被禁用时,这些保护会被静默忽略,可能导致未经验证的攻击者列出和下载包含加密盐和API密钥的敏感文件。
CVSS Information
N/A
Vulnerability Type
N/A