GetSimple CMS My SMTP Contact Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in version 1.1.1 of the My SMTP Contact Plugin for GetSimple CMS. An attacker can create a malicious webpage that, when accessed by an authenticated administrator, alters the SMTP configuration settings within the plugin. On its own, this permits unauthorized configuration changes but does not directly facilitate remote code execution.
Impact
Exploitation of this vulnerability could result in unauthorized changes to SMTP settings, potentially disrupting email functionality or misdirecting communications. However, this vulnerability has been chained with a PHP code injection flaw in the same plugin, leading to remote code execution on the server.
Reproduction
To reproduce this vulnerability, an attacker must craft a webpage that includes a form targeting the GetSimple CMS admin interface. This form should be pre-filled with SMTP configuration data and submitted automatically when the page is visited by an authenticated administrator. Once the settings are changed, the injected PHP code can be executed by exploiting a known vulnerability in the CMS's theme editing feature.
Remediation
Users are advised to update the My SMTP Contact Plugin to version 1.1.2, which addresses the CSRF vulnerability by implementing a nonce token for protection against cross-site attacks.
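The nonce-token pattern named above, as an added example (not the plugin's 1.1.2 code): a settings-save handler that rejects any POST lacking a token derived from a per-session secret. The function names, the `nonce` and `smtp_host` field names, the action string and the session layout are all hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration; every name below is hypothetical, not taken from the plugin.

const NONCE_SLOT = 3600; // slot length in seconds; a token is accepted for 1 to 2 slots

/** Derive a token bound to the session secret, the action name and a time slot. */
function make_nonce(string $sessionSecret, string $action, ?int $now = null): string
{
    $slot = intdiv($now ?? time(), NONCE_SLOT);
    return hash_hmac('sha256', $action . '|' . $slot, $sessionSecret);
}

/** Accept tokens from the current or previous slot; compare in constant time. */
function verify_nonce(string $sessionSecret, string $action, string $token, ?int $now = null): bool
{
    $now = $now ?? time();
    foreach ([0, NONCE_SLOT] as $age) {
        if (hash_equals(make_nonce($sessionSecret, $action, $now - $age), $token)) {
            return true;
        }
    }
    return false;
}

/** Settings-save handler: state changes only on POST with a valid token. */
function handle_save(array $session, string $method, array $post): array
{
    if ($method !== 'POST') {
        return [405, 'method not allowed'];
    }
    $token = $post['nonce'] ?? '';
    if (!is_string($token) || !verify_nonce($session['csrf_secret'], 'save_smtp_settings', $token)) {
        return [403, 'invalid or missing nonce; settings unchanged'];
    }
    // Validate and persist the SMTP fields here (omitted: storage is plugin-specific).
    return [200, 'settings saved'];
}

// Constructed demo data: one admin session, a cross-site POST and a same-site POST.
$session   = ['csrf_secret' => bin2hex(random_bytes(32))];
$crossSite = ['smtp_host' => 'mail.example.invalid'];   // foreign page cannot read the token
$sameSite  = $crossSite + ['nonce' => make_nonce($session['csrf_secret'], 'save_smtp_settings')];

foreach (['cross-site' => $crossSite, 'same-site' => $sameSite] as $label => $post) {
    [$status, $message] = handle_save($session, 'POST', $post);
    printf("%-10s -> %d %s\n", $label, $status, $message);
}
```

The cross-site request is answered with 403 because a page on another origin can submit the form but cannot read the token embedded in the admin page; the same-site request carries it and is accepted.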
