Month Of Abysssec Undisclosed Bugs – JMD-CMS versions Alpha 3.0.0.9 suffers from cross site scripting and remote shell upload vulnerabilities.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/94026/moaub19-jmdcms.pdf
Source: https://packetstormsecurity.com/files/94026/Month-Of-Abysssec-Undisclosed-Bugs-JMD-CMS-3.0.0.9.html