Stefanowen

**Name of the Vulnerable Software and Affected Versions** Waimai Super Cms version 20150505 **Description** An issue was discovered that allows time-based SQL Injection. The /index.php?m=public&a=checkemail URI is vulnerable via the `param` array parameter in the web/Lib/Action/PublicAction.class.php file. **Recommendations** For Waimai Super Cms version 20150505, consider restricting access to the /index.php?m=public&a=checkemail URI until a patch is available. As a temporary workaround, avoid using the `param` array parameter in the PublicAction.class.php file to minimize the risk of exploitation.