Cuppa CMS v1.0 exists to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
cuppacms cuppacms 1.0