MingSoft Mcms is a complete open source J2ee system from MingSoft (China). a security vulnerability exists in MingSoft Mcms v5.2.4, which allows attackers to perform SQL injection attacks via the search.do parameter in the file /mdiy/dict/listExcludeApp. No details of the vulnerability are currently available.