CVE-2019-10707

MKCMS V5.0 has SQL injection via the bplay.php play parameter.
Source: NIST
CVE-2019-10707