CVE-2021-28976

HIGH

GetSimpleCMS < 3.3.15 - Remote Code Execution via PHAR File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-28976. PoCs published by CodeSecLab.

AI-analyzed exploit summary This exploit leverages a file upload vulnerability in GetSimpleCMS 3.3.16, allowing attackers to upload a malicious .phar file bypassing blacklist filters, leading to remote code execution (RCE). The PoC demonstrates creating a .phar archive containing a PHP shell and uploading it via the vulnerable endpoint.

Description

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.

Exploits (1)

exploitdb WORKING POC

by CodeSecLab · textwebappsphp

https://www.exploit-db.com/exploits/52168

View Code ZIP pw:eip

This exploit leverages a file upload vulnerability in GetSimpleCMS 3.3.16, allowing attackers to upload a malicious .phar file bypassing blacklist filters, leading to remote code execution (RCE). The PoC demonstrates creating a .phar archive containing a PHP shell and uploading it via the vulnerable endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GetSimpleCMS 3.3.16

Auth required

Prerequisites: Access to admin/upload.php · PHP environment to create .phar file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1205 - Traffic Signaling

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1335

Scores

CVSS v3 7.2

EPSS 0.0697

EPSS Percentile 91.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

get-simple/getsimplecms < 3.3.15

Published Jun 23, 2021

Tracked Since Feb 18, 2026