Month Of Abysssec Undisclosed Bugs – Rainbow Portal version 2.0 suffers from login weakness, cross site scripting and remote SQL injection vulnerabilities.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/93463/moaub02-rainbow.pdf
Source: https://packetstormsecurity.com/files/93463/Month-Of-Abysssec-Undisclosed-Bugs-Rainbow-Portal-2.0.html