以下是关于漏洞的关键信息: Advisories - 漏洞名称: GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection - 严重性(Severity): High - 日期(Date): January 21, 2026 - CWE: CWE-94 Improper Neutralization of Special Elements used in a Command ('PHP Code Injection') - CVE: CVE-2021-47778 - CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N - References - ExploitDB-49774 - Vendor Homepage - GetSimple CMS GitHub Repository - Full Disclosure Repository - Credit: Bobby Cooke (boku) - Description: GetSimple CMS My SMTP Contact Plugin 1.1.2存在PHP代码注入漏洞。已认证的管理员可以通过插件配置参数注入任意PHP代码,导致服务器上的远程代码执行。