An issue exists in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page.
hsycms hsycms 1.1