kkcms is an open source video capture and playback system. The system is mainly used to automatically capture video resources and provide online playback. kkcms v1.3.7 version has a SQL injection vulnerability, the vulnerability originates from /template/wapian/vlist.php does not filter the incoming cid parameter. An attacker can use this vulnerability to execute illegal SQL commands to steal sensitive database data.