SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18373
http://www.securityfocus.com/bid/11824
http://securitytracker.com/id?1012434