Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.