cvedb.io
CVE-2017-8912
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2017-05-12T07:29:00.343 · Last modified 2026-06-17T01:27:11.267

Summary

CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.

Affected products

cmsmadesimple — cms_made_simple

Does this affect you?

Add your gear to cvedb and we'll alert you only when cmsmadesimple ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.