CVE-2019-9915 Scanner
Detects 'Open Redirect' vulnerability in GetSimple CMS affects v. 3.3.13.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
1 month
Scan only one
Domain, Ipv4
Toolbox
-
GetSimple CMS is a Content Management System (CMS) designed to simplify the process of creating and managing websites. It’s a lightweight CMS, known for its ease of use, flexibility, and minimalistic interface. It’s an open-source software that has been in use since 2009. It’s based on PHP, and it stores its data in XML files instead of databases.
Recently, a vulnerability has been detected in GetSimple CMS, known as CVE-2019-9915. This vulnerability allows attackers to redirect users to malicious websites by manipulating the redirect parameter in the admin/index.php page. The attacker can exploit this vulnerability by crafting a malicious URL that appears to be legitimate, leading the user to believe they’re visiting a trusted website. Once the user clicks on the link, they’re redirected to a malicious site that can steal their sensitive information.
Exploiting this vulnerability can lead to a range of negative consequences. For instance, cybercriminals can use phishing attacks to trick users into sharing their login credentials, personal information, or financial data. This can result in identity theft, financial loss, and reputational damage. If the victim is a business, the attack could lead to downtime, diminished productivity, and lost revenue.
If you want to stay abreast of the latest vulnerabilities and security threats to your digital assets, you need a reliable source of information. s4e.io provides a platform that delivers curated and personalized reports on the security posture of your company and its digital properties. With pro features such as automated scanning, alerts, and threat intelligence feeds, you can rest assured that your website is protected against known and unknown risks. Invest in your digital security today and secure your website with s4e.io.
REFERENCES