An issue exists in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
pbootcms pbootcms -