Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26139
http://www.securityfocus.com/bid/17759