CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cmsmadesimple cms made simple 2.1.6 |