CVE-2026-28495
GetSimple CMS · GetSimple CMS
GetSimple CMS is vulnerable to Remote Code Execution via a CSRF-based attack on the massiveAdmin plugin's configuration editor.
Executive summary
A critical vulnerability in the GetSimple CMS massiveAdmin plugin allows an unauthenticated attacker to achieve remote code execution via Cross-Site Request Forgery.
Vulnerability
The massiveAdmin plugin lacks Cross-Site Request Forgery (CSRF) protections on its gsconfig.php file editor. Because the editor accepts state-changing requests without verifying that they were intentionally issued through the application, a remote unauthenticated attacker can cause an authenticated administrator's browser to submit a request that overwrites the configuration file with attacker-supplied PHP code.
Business impact
Successful exploitation results in Remote Code Execution (RCE), granting the attacker full control over the underlying web server. With a CVSS score of 9.6, this vulnerability allows for complete site defacement, data theft, or the deployment of persistent backdoors, severely impacting the organization's security posture.
Remediation
Immediate Action: Update the GetSimple CMS environment and ensure the massiveAdmin plugin is removed or updated to a secure version if available.
Proactive Monitoring: Monitor server file integrity for unexpected modifications to gsconfig.php and review administrative access logs for unusual activity.
Compensating Controls: Implement strict CSRF protection mechanisms or enforce administrative IP whitelisting to restrict access to sensitive configuration modules.
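The file-integrity check called for under Proactive Monitoring, as an added example that is not part of this advisory or of the GetSimple project: it compares gsconfig.php against a known-good hash and, independently of any baseline, flags every line that is not an opening PHP tag, a comment or a define() call (an assumption about how gsconfig.php is laid out). The sample file contents are constructed.

```python
"""Integrity check for a GetSimple gsconfig.php-style settings file.
Check 1: baseline hash comparison (any change is reported).
Check 2: structural allow-list. gsconfig.php is assumed to hold only
the opening PHP tag, comments and define() calls, so any other
statement is reported line by line even when no baseline exists."""
import hashlib
import re

# Line shapes considered normal (assumption about gsconfig.php layout).
# Interior lines of a /* ... */ block are expected to start with '*'.
ALLOWED = (
    re.compile(r"^\s*$"),                    # blank line
    re.compile(r"^\s*<\?php\s*$"),           # opening tag
    re.compile(r"^\s*(#|//|/\*|\*).*$"),    # comment line
    re.compile(r"^\s*define\(\s*'[A-Za-z0-9_]+'\s*,\s*[^;]+\)\s*;\s*(#.*|//.*)?$"),
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def structural_anomalies(source: str) -> list:
    """Return (line_no, text) for every line that is not tag/comment/define."""
    return [
        (n, line) for n, line in enumerate(source.splitlines(), 1)
        if not any(p.match(line) for p in ALLOWED)
    ]


def check_gsconfig(source: str, baseline_hash: str) -> dict:
    """Run both checks; baseline_hash comes from a known-good copy."""
    return {
        "hash_changed": sha256_hex(source.encode()) != baseline_hash,
        "anomalies": structural_anomalies(source),
    }


# Constructed known-good copy (not the file shipped with GetSimple).
KNOWN_GOOD = """<?php
# GetSimple settings (constructed sample)
# define('GSDEBUG', TRUE);
define('GSNOHIGHLIGHT', TRUE);   # disable editor highlighting
"""
BASELINE = sha256_hex(KNOWN_GOOD.encode())

# Constructed modified copy: one statement that is neither comment nor define.
TAMPERED = KNOWN_GOOD + "echo 'unexpected statement';\n"

if __name__ == "__main__":
    print(check_gsconfig(KNOWN_GOOD, BASELINE))  # no change, no anomalies
    print(check_gsconfig(TAMPERED, BASELINE))    # hash changed, line 5 flagged
```

In production the baseline hash would be stored outside the web root and the check run from cron or a file-integrity agent, alerting whenever either result is non-empty.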
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
This vulnerability presents a severe risk due to the potential for full server takeover. Administrators must immediately secure the configuration editor or disable the vulnerable plugin to prevent exploitation through CSRF vectors.