[Original text] Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL commands via the (1) EntryID or (2) searchterm parameter to index.php, or (3) username parameter to authenticate.php.
CMScore contains a flaw that may allow an attacker to inject arbitrary SQL queries. The "$EntryID" and "$searchterm" variables in the "index.php" script are not properly sanitized before they are used, which may allow an attacker to inject or manipulate SQL queries.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Set "magic_quotes_gpc" to "On".
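The following is an added example, not CMScore's code: it shows why quote escaping of the kind "magic_quotes_gpc" applied does not cover a value placed in an unquoted numeric context, and what bound parameters look like for the same lookups. The table, column and function names are hypothetical, the EntryID lookup is assumed to be numeric, and the input is constructed; note that "magic_quotes_gpc" was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so it is not available on current PHP.

```php
<?php
// Added illustration with a hypothetical schema; this is not CMScore's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO entries (title) VALUES ('first'), ('second'), ('third')");

// Emulates what magic_quotes_gpc=On did to request input: backslash-escape quotes.
function magic_quotes(string $value): string {
    return addslashes($value);
}

// "Before": the escaped value is concatenated into a numeric context (assumed).
// Escaping only touches quote characters, so input without quotes passes unchanged.
function entry_concat(PDO $db, string $entryId): array {
    $sql = 'SELECT id, title FROM entries WHERE id = ' . magic_quotes($entryId);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": validate the type, then bind the value so it is never parsed as SQL.
function entry_bound(PDO $db, string $entryId): array {
    $id = filter_var($entryId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return []; // reject anything that is not an integer
    }
    $stmt = $db->prepare('SELECT id, title FROM entries WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// String parameters (a search term, a username) are bound the same way.
function search_bound(PDO $db, string $term): array {
    $stmt = $db->prepare('SELECT id, title FROM entries WHERE title LIKE :t');
    $stmt->execute([':t' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing no quote characters.
$constructed = '1 OR 1=1';
printf("concatenated query rows: %d\n", count(entry_concat($db, $constructed)));
printf("bound query rows:        %d\n", count(entry_bound($db, $constructed)));
printf("bound search rows:       %d\n", count(search_bound($db, "fir' OR '1'='1")));
```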