CVE-2021-47778

Summary

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.

Affected Software

VendorProductVersion RangeStatus
Get-SimpleMy SMTP Contact Plugin1.1.2affected

Weaknesses

  • CWE-94: Improper Neutralization of Special Elements used in a Command ('PHP Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References