Browse all 7 CVE security advisories affecting GetSimpleCMS-CE. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GetSimpleCMS-CE serves as a lightweight content management system for small websites and personal blogs, prioritizing simplicity over advanced features. Historically, it has been susceptible to multiple security vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, contributing to its seven recorded CVEs. The platform's minimal design often results in limited input validation and insufficient access controls, creating attack vectors for unauthorized administrative access. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities suggests ongoing security challenges that require diligent maintenance and prompt patching by users to mitigate potential compromises.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28495 | GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php — GetSimpleCMS-CECWE-352 | 9.7 | Critical | 2026-03-10 |
| CVE-2026-26351 | GetSimpleCMS-CE < 3.3.22 Stored XSS via components.php — GetSimpleCMS-CECWE-79 | 4.8 | - | 2026-02-24 |
| CVE-2026-27202 | GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability — GetSimpleCMS-CECWE-23 | 6.5AI | MediumAI | 2026-02-20 |
| CVE-2026-27161 | Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories — GetSimpleCMS-CECWE-200 | 5.9AI | MediumAI | 2026-02-20 |
| CVE-2026-27147 | GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated) — GetSimpleCMS-CECWE-79 | 5.4AI | MediumAI | 2026-02-20 |
| CVE-2026-27146 | GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads — GetSimpleCMS-CECWE-352 | 8.8AI | HighAI | 2026-02-20 |
| CVE-2025-48492 | GetSimple CMS RCE in Edit component — GetSimpleCMS-CECWE-77 | 8.8AI | HighAI | 2025-05-30 |
This page lists every published CVE security advisory associated with GetSimpleCMS-CE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.