CVERadar

CVE-2024-55088

Medium Severity
Vendor: Getsimple-ce
SVRS: 30/100
CVSSv3: 8.8/10
EPSS: 0.00043/1

CVE-2024-55088: Server-Side Request Forgery vulnerability in GetSimple CMS CE 3.3.19. This SSRF vulnerability affects the backend plugin module, potentially allowing attackers to make unauthorized requests from the server. Although its CVSS score is 8.8, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a relatively lower level of immediate threat compared to more critical vulnerabilities. Even so, attackers could exploit it to gather sensitive internal information or use the server as a pivot to reach other systems. The presence of the "In The Wild" tag suggests there are known exploits and active attempts to leverage this vulnerability, so GetSimple CMS should be patched and updated promptly. Ignoring this vulnerability could lead to information disclosure or further compromise of the server and network.

Tags: In The Wild
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-12-18

2025-04-17
SOCRadar AI Insight

Description

CVE-2024-55088 affects GetSimple CMS CE 3.3.19 and allows for Server-Side Request Forgery (SSRF) through the backend plugin module. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 42, indicating a potential vulnerability requiring attention.

Key Insights

  • Exploitable Through Backend Plugin Module: The vulnerability resides in the backend plugin module, potentially allowing attackers to execute malicious code or access sensitive information.
  • SSRF Vulnerability: SSRF allows attackers to send requests from the server to internal networks or other web servers. This can be used for reconnaissance, data exfiltration, or even launching further attacks.
  • Potential for Internal Network Compromise: The vulnerability could be exploited to gain access to internal systems and data, potentially compromising the entire network.
  • Lack of Public Exploit: Currently, there are no publicly available exploits for this vulnerability. However, this does not preclude the possibility of targeted attacks or future exploitation.

Mitigation Strategies

  • Update GetSimple CMS: Immediately update to the latest version of GetSimple CMS, which should address this vulnerability.
  • Restrict Network Access: Limit access to the backend plugin module to authorized users only.
  • Input Validation: Implement robust input validation to prevent malicious requests from being passed to the backend plugin module.
  • Web Application Firewall (WAF): Utilize a WAF to detect and block potential SSRF attacks.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-55088 | GetSimple CMS 3.3.19 Backend Plugin Module server-side request forgery
vuldb.com, 2024-12-18
CVE-2024-55088 | GetSimple CMS 3.3.19 Backend Plugin Module server-side request forgery | A vulnerability classified as critical has been found in GetSimple CMS 3.3.19. This affects an unknown part of the component Backend Plugin Module. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2024-55088. Access to the local network is required for this attack. There

Social Media

CVE-2024-55088 GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. https://t.co/uN7U42WPHY

Affected Software

Configuration 1
Type: App
Vendor: Getsimple-ce
Product: getsimple_cms

References

Reference: [email protected]
Link: https://getsimple-ce.ovh/
Reference: [email protected]
Link: https://tasteful-stamp-da4.notion.site/CVE-2024-55088-15b1e0f227cb8064a1a8ed684607fee9?pvs=73

CWE Details

CWE ID: CWE-352
CWE Name: Cross-Site Request Forgery (CSRF)
Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
