Mingsoft MCMS v5.2.7 exists to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
mingsoft mcms 5.2.7