Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php.
secunia.com/advisories/34503
sourceforge.net/project/shownotes.php?release_id=672266
sourceforge.net/tracker/?func=detail&aid=2722736&group_id=189733&atid=930513
www.familycms.com/blog/2009/03/fcms-182-released/
www.securityfocus.com/archive/1/502272/100/0/threaded
www.securityfocus.com/bid/34297
www.exploit-db.com/exploits/8319