CVE-2024-27622

Name of the Vulnerable Software and Affected Versions CMS Made Simple versions 2.2.19 through 2.2.21

Description A remote code execution issue has been identified in the User Defined Tags module of CMS Made Simple. This issue arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.

Recommendations For CMS Made Simple versions 2.2.19 through 2.2.21, consider disabling the User Defined Tags module until a patch is available to prevent exploitation. Restrict access to the 'Code' section of the module to minimize the risk of arbitrary PHP code execution.