SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26757
http://www.securityfocus.com/bid/18934
http://www.securityfocus.com/bid/18117
http://www.securityfocus.com/archive/1/472798/100/0/threaded
http://www.securityfocus.com/archive/1/440120
http://www.securityfocus.com/archive/1/435202/100/0/threaded