CVE-2021-47778

High CVSS: 8.6

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.

Vendor

Get-simple

Product

Getsimplecms

CWE

CWE-94

Yayın Tarihi

2026-01-21 18:16:09

Güncelleme

2026-03-06 20:15:55

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-94 Getsimplecms HIGH Get-simple 2026

Referanslar

http://get-simple.info https://github.com/GetSimpleCMS/GetSimpleCMS https://github.com/boku7/gsSMTP-Csrf2Xss2RCE/ https://www.exploit-db.com/exploits/49774 https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-php-code-injection

Benzer Kayıtlar

Medium

CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin at…

High

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attac…

Medium

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can cra…

High

CVE-2013-10032

An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php…