MingSoft Mcms is a complete open source J2ee system from China MingFei (MingSoft). MingSoft Mcms v5.2.5 has a security vulnerability that can be exploited by attackers to conduct SQL injection attacks via the categoryId parameter in the file IContentDao.xml.