CVE-2021-29400

Published: Aug 10, 2021Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site.

Affected (1)

Products: Netexplorer: My Smtp Contact

1 product

My Smtp Contact

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netexplorer My Smtp Contact	Version 1.1.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://get-simple.info/extend/plugin/my-smtp-contact/1221/

Source: cve@mitre.org

ExploitThird Party Advisory

http://get-simple.info/extend/plugin/my-smtp-contact/1221/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.