Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27373
http://www.vupen.com/english/advisories/2006/2529
http://www.securityfocus.com/bid/18661
http://secunia.com/advisories/20838
http://pridels0.blogspot.com/2006/06/anthill-sql-injection-vuln.html