Security researcher Roel van Beurden, from web exploitdb reported that CMS Made Simple is vulnerable.
CMS Made Simple is an Open Source Content Management System. It’s built using PHP and the Smarty Engine, which keeps content, functionality, and templates separated.
According to him, the CMS version Made Simple 2.2.14 allows authentication of arbitrary files because the file manager does not block them .ptar and .phtml. A malicious user can execute remote code execution.
There is still no new version to fix this bug from CMS manufacturer Made Simple.