CVE-2017-17620

Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.