CVE-2021-47830

Sažetak

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.

Reference

http://get-simple.info
https://github.com/GetSimpleCMS/GetSimpleCMS
https://www.exploit-db.com/exploits/49774
https://www.exploit-db.com/exploits/49798
https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-csrf

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

06-03-2026 - 20:15

Objavljeno

21-01-2026 - 18:16