An issue exists in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request.
zzcms zzcms 8.2