PHP Code Injection Vulnerability in GetSimple CMS My SMTP Contact Plugin
CVE-2021-47778

8.6HIGH

Key Information:

Vendor

Get-simple

Status
My Smtp Contact Plugin
Vendor
CVE Published:
21 January 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2021-47778?

The GetSimple CMS My SMTP Contact Plugin version 1.1.2 is susceptible to a PHP code injection attack. This vulnerability allows authenticated administrators to inject arbitrary PHP code via the plugin's configuration parameters. Successful exploitation can lead to remote code execution on the server, posing significant risks to the integrity and security of the affected environment. Proper validation of input and stringent security measures should be implemented to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

My SMTP Contact Plugin 1.1.2

References

https://www.exploit-db.com/exploits/49774
exploit
http://get-simple.info
product
https://github.com/GetSimpleCMS/GetSimpleCMS
product

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bobby Cooke (boku)
JSON
.