SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.
https://www.exploit-db.com/exploits/51504
https://packetstormsecurity.com/files/172698/MotoCMS-3.4.3-SQL-Injection.html