kkcms v1.3.7 exists to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.
kkcms project kkcms 1.37