CVE-2007-3526
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the newsid parameter to viewnews.php, 2 the catid parameter to viewevents.php, or 3 the memberid parameter to videogallery.php...