Luocms is an article management system. A SQL injection vulnerability exists in Luocms v2.0, which stems from a lack of validation of external input SQL statements in /admin/news/news_mod.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.