FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.
flamecms project flamecms 3.3.5