SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17031
http://sourceforge.net/project/shownotes.php?release_id=254915