Sql injection

Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the logid parameter to admin/editgroup.php...