6.5
CVE-2021-47830
- EPSS 0.35%
- Veröffentlicht 21.01.2026 17:27:34
- Zuletzt bearbeitet 06.03.2026 20:15:23
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginGetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Get-simple ≫ Getsimplecms Version1.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.266 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| disclosure@vulncheck.com | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://get-simple.info
https://www.exploit-db.com/exploits/49774
https://github.com/GetSimpleCMS/GetSimpleCMS
https://www.exploit-db.com/exploits/49798
https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-csrf