CVE-2006-0444
CVE-2006-0444 describes a SQL injection in Phpclanwebsite (aka PCW) 1.23.1 (and related mentions) where an attacker can inject arbitrary SQL via the (1) par parameter in the forum post function and (2) poll_id parameter on the poll page. The poll_id vector may also enable XSS from an unquoted err...