Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27294
http://www.vupen.com/english/advisories/2006/2468
http://www.securityfocus.com/bid/18497
http://www.securityfocus.com/archive/1/437658/100/100/threaded
http://www.securityfocus.com/archive/1/437651/100/100/threaded