source: https://www.securityfocus.com/bid/4957/info
It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated administrator, or to view or modify sensitive database information through the subversion of an SQL query.
These issues have been reported in version 0.7 of CBMS. Other versions may share these vulnerabilities, this has not however been confirmed.
dltclnt.php?choice=yes&idnum=clientid