Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2017-8912

🗓️ 12 May 2017 06:54:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 68 Views🌐 WEB

CMS Made Simple 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.ph

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		CMS Made Simple 2.1.6 - Multiple Vulnerabilities
12 May 201700:00
zdt
CNVD		CMS Made Simple Arbitrary Code Execution Vulnerability
24 May 201700:00
cnvd
Cvelist		CVE-2017-8912
12 May 201706:54
cvelist
Exploit DB		CMS Made Simple 2.1.6 - Multiple Vulnerabilities
10 May 201700:00
exploitdb
exploitpack		CMS Made Simple 2.1.6 - Multiple Vulnerabilities
10 May 201700:00
exploitpack
NVD		CVE-2017-8912
12 May 201707:29
nvd
OSV		CVE-2017-8912
12 May 201707:29
osv
Packet Storm		CMS Made Simple 2.1.6 Code Execution / Cross Site Scripting
12 May 201700:00
packetstorm
Prion		Design/Logic Flaw
12 May 201707:29
prion
Positive Technologies		PT-2017-18617 · Cms Made Simple · Cms Made Simple
12 May 201700:00
ptsecurity
Rows per page
NVD
Vulnrichment
Node
cmsmadesimplecms_made_simpleMatch2.1.6
ParameterPositionPathDescriptionCWE
_sk_request bodycmsms/admin/editusertag.phpRemote Code Execution via code parameter in editusertag.phpCWE-94
userplugin_idrequest bodycmsms/admin/editusertag.phpRemote Code Execution via code parameter in editusertag.phpCWE-94
userplugin_namerequest bodycmsms/admin/editusertag.phpRemote Code Execution via code parameter in editusertag.phpCWE-94
coderequest bodycmsms/admin/editusertag.phpRemote Code Execution via code parameter in editusertag.phpCWE-94
descriptionrequest bodycmsms/admin/editusertag.phpRemote Code Execution via code parameter in editusertag.phpCWE-94
runrequest bodycmsms/admin/editusertag.phpRemote Code Execution via code parameter in editusertag.phpCWE-94
applyrequest bodycmsms/admin/editusertag.phpRemote Code Execution via code parameter in editusertag.phpCWE-94
ajaxrequest bodycmsms/admin/editusertag.phpRemote Code Execution via code parameter in editusertag.phpCWE-94
_sk_request bodycmsms/admin/addgroup.phpStored XSS via group/description parameters in addgroup.phpCWE-94
grouprequest bodycmsms/admin/addgroup.phpStored XSS via group/description parameters in addgroup.phpCWE-94
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 May 2026 00:24Current
7.1High risk
Vulners AI Score7.1
CVSS 26.5
CVSS 37.2
CVSS 3.17.2
EPSS0.03714
SSVC
CWE-94
cms made simplecmsmsremote code executioncve-2017-8912security vulnerability
68