Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27158
http://www.vupen.com/english/advisories/2006/2359
http://www.securityfocus.com/bid/18463
http://securitytracker.com/id?1016315