MKCMS V5.0 has SQL injection via the bplay.php play parameter.Referenceshttp://www.iwantacve.cn/index.php/archives/181/
