CVE-2009-2147
The CVE-2009-2147 entry describes a SQL injection in fdown.php of phpWebThings (versions 1.5.2 and earlier) that lets remote attackers execute arbitrary SQL commands via the id parameter. Multiple connected sources (NVD, CVE list, PRION, etc.) corroborate the vulnerability as a SQL-injection flaw...