An issue exists in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
baijiacms project baijiacms 4.0