An issue in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted payload to the Content Manager Menu component.
cmsmadesimple cms made simple 2.2.18