iCMS is an application. An efficient and clean content management system built with PHP and MySQL. iCMS suffers from a code injection vulnerability that stems from the fact that iCMS allows users to add and render comtom templates, which are SSTI vulnerable. An attacker could exploit this vulnerability to perform remote code execution.