SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27169
http://www.securityfocus.com/archive/1/436946/100/0/threaded