IPeakCMS version 3.5 suffers from a blind remote SQL injection vulnerability.
b55c12362a468cd0019c17cd8af592262215a0de0726f9992ffa3562a30f9b26
Incom CMS version 2.0 suffers from an unauthenticated arbitrary file upload vulnerability.
7d47cee58dadce751b03d36c10a70967bd55201df82f6d5897da887583fbef3b