Zzzh

**Name of the Vulnerable Software and Affected Versions** EasyCMS versions up to 1.6 **Description** A flaw exists in EasyCMS that allows for remote SQL injection. The issue is located in an unknown function within the `/RbacnodeAction.class.php` file, part of the Request Parameter Handler component. Manipulating the ` order` argument can trigger the injection. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.6 should be updated. As a temporary workaround, consider restricting access to the `/RbacnodeAction.class.php` file or disabling the vulnerable function until a patch is available. Avoid using the ` order` parameter in requests to the affected component.