An issue exists in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
laobancms laobancms 2.0