CVE-2012-5701
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the 1 searchstring or 2 where parameter in a contacts action, 3 deptid parameter in a departments action, 4 projectid parameter in a project action, or...