SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote malicious users to execute arbitrary SQL commands via the where_time parameter in a get action.
source: wwwsecurityfocuscom/bid/45913/info
PHPCMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlyin ...