ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.