Last week I tried to notify you about this issue by sending an email to some @get-simple.info addresses that I found on this page (including info@get-simple.info and security@get-simple.info), but I haven't received a response, so I'm opening this ticket.
When the External API is enabled from within the gsconfig.php file, an attacker might be able to carry out XML External Entity (XXE) attacks resulting in arbitrary file disclosures. This is the vulnerable line of code, where the simplexml_load_string() function is used with user input passed via the 'data' POST parameter. To fix this vulnerability you may want to use the libxml_disable_entity_loader() function.
Since GetSimple is an XML-based CMS, this vulnerability might be abused to disclose sensitive data stored in XML files which might allow attackers to bypass the authentication mechanism and access the administration panel in order to achieve arbitrary code execution. On the other hand, the vulnerability is relatively minor, because it's mitigated by the fact that the 'GSEXTAPI' constant is not defined by default.
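Added example, not part of the original issue or the GetSimple code base: one way to parse untrusted XML such as the 'data' POST parameter so that a DOCTYPE, and therefore any entity declaration, is refused. The helper name `parse_untrusted_xml()` and the sample documents are assumptions made for illustration; `libxml_disable_entity_loader()` is only called on PHP versions before 8.0, where it is not yet deprecated.

```php
<?php
// Added example, not GetSimple code. parse_untrusted_xml() is a hypothetical name.
function parse_untrusted_xml(string $raw): ?SimpleXMLElement
{
    if ($raw === '') {
        return null;
    }
    // PHP < 8.0: switch the external entity loader off for this parse and
    // restore the previous (process-wide) state afterwards. The function is
    // deprecated from PHP 8.0, so it is not called there.
    $legacy = PHP_VERSION_ID < 80000;
    $previous = $legacy ? libxml_disable_entity_loader(true) : false;
    $errors = libxml_use_internal_errors(true);
    try {
        $dom = new DOMDocument();
        // LIBXML_NONET forbids network access while parsing. LIBXML_NOENT
        // (substitute entities) and LIBXML_DTDLOAD (load the external DTD)
        // are deliberately absent.
        if (!$dom->loadXML($raw, LIBXML_NONET)) {
            return null;
        }
        // Entities can only be declared in a DOCTYPE, so refuse any document
        // that carries one. Checking the parsed tree is encoding-independent.
        foreach ($dom->childNodes as $node) {
            if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
                return null;
            }
        }
        $xml = simplexml_import_dom($dom);
        return $xml instanceof SimpleXMLElement ? $xml : null;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($errors);
        if ($legacy) {
            libxml_disable_entity_loader($previous);
        }
    }
}

// Constructed sample inputs (not real GetSimple API requests).
$plain = '<request><method>ping</method></request>';
$withDoctype = '<!DOCTYPE request [<!ENTITY e "x">]><request>&e;</request>';

var_dump(parse_untrusted_xml($plain) !== null);        // plain document is parsed
var_dump(parse_untrusted_xml($withDoctype) === null);  // DOCTYPE is refused
```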
Gotcha, I tried finding where I read that, but I can't find it again. I had an issue on it months ago and closed it because it seemed to be a non-issue; perhaps I was wrong.
(Maybe I am thinking remote XXE, if there is an option for external URL entities.)
I need to update that wiki article desperately; no one had ever even used the API that I know of, or even tested it. It was written by an original author a long time ago.