SQL Injection

net.mingsoft, ms-mcms is vulnerable to SQL injection. The vulnerability exists due to improper sanitization in the get function of categoryaction.java due to manipulation in the argument sqlWhere, via the /cms/category/list endpoint...