An issue in mingSoft MCMS v.5.2.4 allows a a remote malicious user to obtain sensitive information via a crafted script to the password parameter.
mingsoft mcms 5.2.4