Vulnerabilities

CVE-2017-8912

by Fred · 12/05/2017

** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug."

Date published : 2017-05-12

https://www.exploit-db.com/exploits/41997/

CMSMS 2.1.6 Multiple Vulnerabilities

Similar

Tags: Cybersecurity Alert