CVE-2021-47778

Published: Jan 21, 2026

Modified: Apr 7, 2026

PUBLISHED

Description

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.

Vendor	Product	Versions
Get-Simple	My SMTP Contact Plugin	affected `1.1.2`

Weaknesses (CWE)

CWE-94

References

ExploitDB-49774

exploit

Vendor Homepage

product

GetSimple CMS GitHub Repository

product

Full Disclosure Repository

technical-description

exploit

VulnCheck Advisory: GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-47778

Description

Affected Products

Weaknesses (CWE)

References