QwikSec

Security Database

CVE

CWE

Training

CVE-2017-8912

Published: May 12, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

https://osandamalith.com/2017/05/11/cmsms-2-1-6-multiple-vulnerabilities/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.