All 7 CVE vulnerabilities found in GetSimpleCMS-CE, with AI-generated Chinese analysis, references, and POCs.
Vendor: GetSimpleCMS-CE
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28495 | GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php CWE-352 | 9.7 | Critical | 2026-03-10 |
| CVE-2026-26351 | GetSimpleCMS-CE < 3.3.22 Stored XSS via components.php CWE-79 | 4.8 | - | 2026-02-24 |
| CVE-2026-27202 | GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability CWE-23 | 6.5AI | MediumAI | 2026-02-20 |
| CVE-2026-27161 | Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories CWE-200 | 5.9AI | MediumAI | 2026-02-20 |
| CVE-2026-27147 | GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated) CWE-79 | 5.4AI | MediumAI | 2026-02-20 |
| CVE-2026-27146 | GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads CWE-352 | 8.8AI | HighAI | 2026-02-20 |
| CVE-2025-48492 | GetSimple CMS RCE in Edit component CWE-77 | 8.8AI | HighAI | 2025-05-30 |
All 7 known CVE vulnerabilities affecting GetSimpleCMS-CE with full Chinese analysis, references, and POCs where available.