Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/13583
http://www.securityfocus.com/bid/8961
http://sourceforge.net/project/shownotes.php?release_id=195009