An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1.
Related posts