Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/25918
http://www.vupen.com/english/advisories/2006/1423
http://secunia.com/advisories/19720
http://pridels0.blogspot.com/2006/04/plexum-x5-sql-vuln.html