Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to check.php or (2) unknown attack vectors to scripts that display information from the database.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24515
https://exchange.xforce.ibmcloud.com/vulnerabilities/24508
http://www.securityfocus.com/bid/16586
http://www.securityfocus.com/archive/1/424827/100/0/threaded