CMS Made Simple editusertag.php Remote OS Command Injection Exploit

CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2017-8912
Product Version: 
2017_R2
Released Date: 
Tuesday, August 15, 2017 - 00:00