MCMS v5.2.27 exists to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
mingsoft mcms 5.2.27