An issue exists in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.
mingsoft mcms 5.0.0