{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86061?format=json","vulnerability_id":"VCID-wn63-stps-2uhb","summary":"CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is \"a feature, not a bug.","aliases":[{"alias":"CVE-2017-8912"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8912","reference_id":"","reference_type":"","scores":[{"value":"0.03714","scoring_system":"epss","scoring_elements":"0.88237","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8912"},{"reference_url":"https://www.exploit-db.com/exploits/41997/","reference_id":"41997","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-23T18:18:49Z/"}],"url":"https://www.exploit-db.com/exploits/41997/"},{"reference_url":"https://osandamalith.com/2017/05/11/cmsms-2-1-6-multiple-vulnerabilities/","reference_id":"cmsms-2-1-6-multiple-vulnerabilities","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-23T18:18:49Z/"}],"url":"https://osandamalith.com/2017/05/11/cmsms-2-1-6-multiple-vulnerabilities/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41997.txt","reference_id":"CVE-2017-8912","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41997.txt"}],"weaknesses":[],"exploits":[{"date_added":"2017-05-12","description":"CMS Made Simple 2.1.6 - Multiple Vulnerabilities","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":false,"source_date_published":"2017-05-10","exploit_type":"webapps","platform":"php","source_date_updated":"2017-05-12","data_source":"Exploit-DB","source_url":""}],"severity_range_score":"7.2 - 7.2","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wn63-stps-2uhb"}