Month Of Abysssec Undisclosed Bugs – FestOS CMS versions 2.3b and below suffer from cross site scripting, local file inclusion and remote SQL injection vulnerabilities.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/93721/moaub09-festos.pdf
Source: https://packetstormsecurity.com/files/93721/Month-Of-Abysssec-Undisclosed-Bugs-FestOS-CMS-2.3b.html