Platform
php
Component
massiveadmin
Fixed in
3.3.23
CVE-2026-28495 is a critical Remote Code Execution (RCE) vulnerability affecting the massiveAdmin plugin bundled with GetSimpleCMS-CE versions up to 3.3.22. An attacker can exploit this flaw to overwrite the gsconfig.php configuration file with arbitrary PHP code, leading to complete server compromise. The vulnerability stems from a lack of Cross-Site Request Forgery (CSRF) protection in the gsconfig editor module, allowing remote exploitation against logged-in administrators. A fix is pending.
The impact of CVE-2026-28495 is severe. Successful exploitation allows an attacker to execute arbitrary PHP code on the web server hosting the GetSimple CMS instance. This can lead to complete system compromise, including data exfiltration, malware installation, and denial of service. Given the ability to modify the gsconfig.php file, an attacker can effectively control the CMS's configuration and potentially gain access to sensitive data or modify website content. The CSRF aspect means an attacker only needs to trick a logged-in administrator into visiting a malicious page, significantly lowering the barrier to exploitation.
CVE-2026-28495 was publicly disclosed on 2026-03-10. The vulnerability's reliance on CSRF makes it relatively easy to exploit, especially in environments where administrators are frequently targeted by phishing attacks. There are currently no known public proof-of-concept exploits, but the ease of exploitation suggests that it is likely to be targeted. The vulnerability is not currently listed on the CISA KEV catalog.
Websites using GetSimpleCMS-CE versions 3.3.22 and earlier, particularly those with multiple administrators or shared hosting environments, are at significant risk. Administrators who routinely use the gsconfig editor module are especially vulnerable to CSRF attacks.
• php: Examine gsconfig.php for unexpected or malicious PHP code.
  find /var/www/html -name gsconfig.php -print0 | xargs -0 grep -i 'eval('
• generic web: Monitor access logs for requests to the gsconfig editor module originating from unusual IP addresses or user agents.
  grep "/admin/gsconfig.php" access.log
• generic web: Check response headers for signs of code execution or unexpected behavior after accessing the gsconfig editor module.
  curl -I http://your-website.com/admin/gsconfig.php
Exploit status
EPSS
0.07% (20th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-28495 is to upgrade to a patched version of GetSimpleCMS-CE that includes a fixed version of the massiveAdmin plugin. Unfortunately, a specific fixed version is not provided. As a temporary workaround, consider implementing strict input validation and sanitization on all user-supplied data within the gsconfig editor module. Additionally, implement robust CSRF protection across all administrative interfaces within GetSimple CMS. Web Application Firewalls (WAFs) configured to detect and block malicious PHP code injection attempts can also provide a layer of defense. After upgrading, confirm the vulnerability is resolved by attempting to access the gsconfig editor module as an administrator and verifying that any attempts to modify the gsconfig.php file are blocked.
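Of the mitigations above, CSRF protection on the editor form is the one an operator can add without waiting for a release. The following is an added illustration, not code from massiveAdmin or GetSimpleCMS-CE: a standalone PHP handler that guards the gsconfig.php write with a per-session synchronizer token and a same-site Origin/Referer check; the path constant, the field names and the prior admin-session check are assumptions.

```php
<?php
// Added example (not massiveAdmin's or GetSimple's own code): synchronizer
// token CSRF protection in front of an admin form that rewrites gsconfig.php.
// GS_CONFIG_PATH, the field names and the admin-session check are assumed.
declare(strict_types=1);
session_start();

const GS_CONFIG_PATH = __DIR__ . '/gsconfig.php';   // assumed location

// Issue one random token per session and reuse it for every form render.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// A cross-site page cannot read the token, so a forged POST fails here.
// The Origin/Referer host check is a second, independent barrier.
function csrf_check(array $post, array $server, string $expected): bool
{
    $given = (string) ($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        return false;
    }
    $source = (string) ($server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '');
    $host   = parse_url($source, PHP_URL_HOST);
    $site   = explode(':', (string) ($server['HTTP_HOST'] ?? ''))[0];
    return is_string($host) && $host !== '' && $host === $site;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Assumed: an earlier include has already verified the admin session.
    if (!csrf_check($_POST, $_SERVER, $_SESSION['csrf_token'] ?? '')) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    // Only a same-site, token-bearing request reaches the write.
    file_put_contents(GS_CONFIG_PATH, (string) ($_POST['config'] ?? ''), LOCK_EX);
    exit('Configuration saved.');
}
$current = @file_get_contents(GS_CONFIG_PATH) ?: '';
?>
<form method="post" action="">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <textarea name="config"><?= htmlspecialchars($current, ENT_QUOTES) ?></textarea>
  <button type="submit">Save</button>
</form>
```

A request that lacks the token, carries a stale one, or arrives from another origin is answered with 403 before anything is written, which is exactly the gap the advisory describes.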
Update GetSimple CMS to a version later than 3.3.22, or disable/delete the massiveAdmin plugin. As a precaution, avoid accessing the GetSimple CMS admin interface from untrusted networks and make sure you log out after use.
CVE-2026-28495 is a critical Remote Code Execution vulnerability in the massiveAdmin plugin bundled with GetSimpleCMS-CE versions up to 3.3.22. It allows an attacker to overwrite the gsconfig.php file via CSRF, potentially leading to full server compromise.
You are affected if you are using GetSimpleCMS-CE version 3.3.22 or earlier, and have the massiveAdmin plugin installed. Upgrade as soon as a patch is available.
Upgrade to a patched version of GetSimpleCMS-CE that includes a fixed version of the massiveAdmin plugin. Until a patch is available, implement CSRF protection on the gsconfig editor module.
There is currently no confirmed active exploitation, but the vulnerability's severity and ease of exploitation make it a likely target.
Refer to the official GetSimple CMS website and security advisories for updates and patch information: https://getsimple.info/