Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters in (b) misc.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26293
http://www.vupen.com/english/advisories/2006/1708
http://www.securityfocus.com/bid/17848
http://www.securityfocus.com/archive/1/433052/100/0/threaded