PHPCMS2008 BETA2 tasteless 0day a-vulnerability warning-the black bar safety net

data\cachemodel\membersearch.class.php username directly get into SQL. Tasteless is because of this hole to the administrator to set the 'registered members' to have a 'search' function. if$this-modelid if$where $where = "AND $where"; if$this-modelid == 1 0 && $GET'username' $username =...