SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action.
https://www.exploit-db.com/exploits/5988
https://exchange.xforce.ibmcloud.com/vulnerabilities/43525