CVE-2019-16309
FlameCMS 3.3.5 has an SQL injection in account/login.php via the accountName parameter. The root cause is a lack of input validation for SQL statements in a database-backed application, enabling an attacker to execute arbitrary SQL commands. This CVE (CVE-2019-16309) is corroborated by multiple s...