Month Of Abysssec Undisclosed Bugs – JE CMS version 1.0.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/94320/moaub28-jecms.pdf
Source: https://packetstormsecurity.com/files/94320/Month-Of-Abysssec-Undisclosed-Bugs-JE-CMS-1.0.0.html