First, go to the backend management page and click on the THEME button, and click ‘Edit Theme’.

image.png

insert ‘<?php phpinfo();?>’ into the code.

image.png

Back to the homepage and we find ‘phpinfo’ ,which means our code has been executed.

image.png

In the GetSimple CMS CE 3.3.19 management page, Server-Side Request

Forgery (SSRF) can be achieved in the plug-in download address in the

backend management system.