CVE-2021-47778

GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection

Description

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.

INFO

Published Date :

2026-01-21T17:29:48.390Z

Last Modified :

2026-04-07T14:06:07.691Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2021-47778 vulnerability.

Vendors	Products
Get-simple	Getsimplecms

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-47778.

URL	Resource
http://get-simple.info
https://github.com/GetSimpleCMS/GetSimpleCMS
https://github.com/boku7/gsSMTP-Csrf2Xss2RCE/
https://www.exploit-db.com/exploits/49774
https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-php-code-injection

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact