DCP-Portal is more a community system than a CMS - it nevertheless calls itsself CMS. They have never seen a real CMS. Version 5.5 is vulnerable sql injection.Vulnerabilities: http://search.securityfocus.com/swsearch?query=dcp-portal&sbm=bid&submit=Search%21&metaname=alldoc