Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements.
luocms project luocms 2.0