Secunia Research has discovered a vulnerability in TomatoCMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "q" parameter to index.php/news/search is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 2.0.4 is affected.
59d21c16e9a3d64ad21a581410f450194f534465911e15fae42f990be6c070a1
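The flaw class the advisory describes, shown as an added example that is not TomatoCMS code and not from Secunia: a search handler that concatenates `q` into the SQL text, beside one that binds it and escapes LIKE wildcards. The table, columns, function names and sample rows are hypothetical, and SQLite stands in for the application's database.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical,
    # not TomatoCMS's real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO news (title, published) VALUES (?, ?)",
        [("Budget up 100% this year", 1),
         ("Editor's picks", 1),
         ("Budget draft 1000 words", 1),
         ("Internal draft", 0)],
    )
    return db

def search_unsafe(db, q):
    # The flaw class from the advisory: q is pasted into the SQL text, so
    # the database parses user input as part of the statement.
    sql = "SELECT title FROM news WHERE published = 1 AND title LIKE '%" + q + "%'"
    return [r[0] for r in db.execute(sql)]

def escape_like(term, esc="\\"):
    # Neutralise LIKE wildcards so the term only ever matches literally.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def search_safe(db, q):
    # Fixed statement text; q travels as a bound value and is never parsed as SQL.
    sql = ("SELECT title FROM news WHERE published = 1 "
           "AND title LIKE ? ESCAPE '\\' ORDER BY id")
    return [r[0] for r in db.execute(sql, ("%" + escape_like(q) + "%",))]

def unsafe_is_parsed_as_sql(db, q):
    # True when the input changed the statement enough to break parsing.
    try:
        search_unsafe(db, q)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    print(unsafe_is_parsed_as_sql(db, "Editor's"))  # quote ends the literal early
    print(search_safe(db, "Editor's"))
    print(search_safe(db, "100%"))
```

An ordinary apostrophe is enough to show that the concatenated version hands user input to the SQL parser; the bound version returns the matching row for the same input.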