MCMS v5.2.4 exists to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.
mingsoft mcms 5.2.4