One day I felt like reviewing the source code of some random CMS and I picked CMSMS. This is totally random and I did this to kill boredom. Remote Code Execution – CVE-2017-8912 In admin/editusertag.php you can create custom user defined tags in which evil PHP functions are not blacklisted. [code language=”text”] POST /cms/cmsimple/admin/editusertag.php?_sk_=2a7da2216d41e0ac&userplugin_id=4 HTTP/1.1 … Continue reading CMSMS 2.1.6 Multiple Vulnerabilities