PT-2026-3796 · Getsimple · My Smtp Contact Plugin+1
Bobby Cooke
·
Published
2026-01-21
·
Updated
2026-01-21
·
CVE-2021-47778
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
GetSimple CMS My SMTP Contact Plugin version 1.1.2
Description
PHP code injection allows an authenticated administrator to inject arbitrary PHP code through plugin configuration parameters, which can lead to remote code execution on the server.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
My Smtp Contact Plugin
Getsimple Cms