CVE-2021-47778

7.2 HIGH

📋 TL;DR

CVE-2021-47778 is a PHP code injection vulnerability in GetSimple CMS My SMTP Contact Plugin 1.1.2 that allows authenticated administrators to execute arbitrary code on the server through plugin configuration parameters. This affects all GetSimple CMS installations using the vulnerable plugin version. Successful exploitation leads to complete server compromise.

💻 Affected Systems

Products:
  • GetSimple CMS My SMTP Contact Plugin
Versions: 1.1.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated administrator access to exploit. The vulnerability is in the plugin configuration interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise with attacker gaining persistent access, data exfiltration, lateral movement to other systems, and deployment of ransomware or other malware.

🟠 Likely Case

Attacker gains shell access to the web server, can read/write files, access databases, and potentially pivot to other systems on the network.

🟢 If Mitigated

Limited impact if proper network segmentation, file integrity monitoring, and least privilege principles are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available on Exploit-DB and GitHub. Requires administrator credentials to access the plugin configuration page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

1. Remove or disable the My SMTP Contact Plugin 1.1.2.
2. Consider migrating to alternative SMTP plugins or contact form solutions.
3. Update GetSimple CMS to the latest version if available.

🔧 Temporary Workarounds

Disable vulnerable plugin (platform: linux)

Remove or disable the My SMTP Contact Plugin 1.1.2 from the GetSimple CMS installation:

rm -rf /path/to/getsimple/plugins/my-smtp-contact/

Restrict admin access (platform: all)

Implement IP whitelisting for admin panel access and enforce strong authentication.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the GetSimple CMS server
  • Deploy web application firewall with PHP injection detection rules

🔍 How to Verify

Check if Vulnerable:

Check if /plugins/my-smtp-contact/ directory exists and contains version 1.1.2 files

Check Version:

grep 'version' /path/to/getsimple/plugins/my-smtp-contact/plugin.xml

Verify Fix Applied:

Confirm the my-smtp-contact plugin directory no longer exists or has been replaced with secure version

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to plugin configuration pages
  • PHP execution errors in web server logs
  • File creation/modification in web directories

Network Indicators:

  • Outbound connections from web server to unexpected destinations
  • Unusual traffic patterns from admin IP addresses

SIEM Query:

source="web_logs" AND (uri="/admin/load.php" OR uri="/admin/plugin.php") AND (params CONTAINS "eval(" OR params CONTAINS "system(" OR params CONTAINS "exec(")
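The following script is an added example, not part of this advisory, showing how the log indicators and the SIEM query above can be applied offline to web server access logs. It assumes Apache/Nginx combined log format and uses a handful of constructed sample lines (not real traffic); the admin paths and the `eval(` / `system(` / `exec(` patterns are the ones listed on this page. Query strings are URL-decoded before matching so that encoded payloads are not missed, and function names are compared case-insensitively because PHP treats them that way.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (not real traffic).
# Line 3 carries a URL-encoded PHP injection attempt in the query string.
SAMPLE_LOGS = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /admin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2024:10:01:40 +0000] "POST /admin/load.php?id=my-smtp-contact HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Mar/2024:10:02:11 +0000] "POST /admin/load.php?id=my-smtp-contact&field=x%27%3BSYSTEM%28%27id%27%29%3B HTTP/1.1" 200 2048 "-" "curl/8.0"
10.0.0.9 - - [12/Mar/2024:10:03:00 +0000] "GET /index.php?id=contact HTTP/1.1" 200 900 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Mar/2024:10:03:30 +0000] "POST /admin/plugin.php HTTP/1.1" 302 0 "-" "curl/8.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoints and patterns taken from the SIEM query in this advisory.
ADMIN_PATHS = {"/admin/load.php", "/admin/plugin.php"}
SUSPICIOUS = ("eval(", "system(", "exec(")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "path": path,
        # Decode %xx and '+' so encoded payloads can be matched.
        "params": unquote_plus(query),
        "status": int(m.group("status")),
    }


def classify(entry):
    """Return a verdict for requests to the plugin admin endpoints, else None."""
    if entry["path"] not in ADMIN_PATHS:
        return None
    params = entry["params"].lower()  # PHP function names are case-insensitive
    if any(pattern in params for pattern in SUSPICIOUS):
        return "injection_pattern"
    if entry["method"] == "POST":
        return "admin_post"  # matches the "unusual POST to plugin config" indicator
    return None


def scan(log_text):
    """Scan a log file's contents; return (verdict, ip, path, decoded params) tuples."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict:
            findings.append((verdict, entry["ip"], entry["path"], entry["params"]))
    return findings


if __name__ == "__main__":
    for verdict, ip, path, params in scan(SAMPLE_LOGS):
        print(f"{verdict:18} {ip:10} {path} {params!r}")
```

Access logs record the request line only, so this catches payloads sent in the query string; configuration values submitted in a POST body are not visible here and need a WAF or application-level logging to inspect. Treat the `admin_post` verdict as a baselining signal (every legitimate plugin configuration change produces one) and the `injection_pattern` verdict as an alert.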
