SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.
https://exchange.xforce.ibmcloud.com/vulnerabilities/38448
http://www.securityfocus.com/bid/26431
http://www.securityfocus.com/archive/1/483673/100/0/threaded