Description
Dear developer team.
Yesterday, I found a SQL injection vulnerability in the current release of Pragyan CMS v.3.
If you are interested about the information, please provide me an email address, where I can send my informations to. If you want me to post the information directly on Github, please let me know.
I located the vulnerability in the code, too, and could suggest a patch for this issue, if you are interested.
I am releasing a security advisory on my blog (without technical details, see: http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html). If you are not responding until 2nd February 2015 (UTC+1) I am gonna release the technical details as well and post the issue to the security mailing list FullDisclosure.
Thank you for your attention.
Greetings from Germany.
Steffen Rösemann