An issue exists in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.
s-cms s-cms 1.0