CVE-2018-20477

An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.