Month Of Abysssec Undisclosed Bugs – PHP MicroCMS versions 1.0.1 and below suffer from remote SQL injection and local file inclusion vulnerabilities.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/93898/moaub15-microcms.pdf
Source: https://packetstormsecurity.com/files/93898/Month-Of-Abysssec-Undisclosed-Bugs-PHP-MicroCMS-1.0.1.html