SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
https://www.exploit-db.com/exploits/6010
https://exchange.xforce.ibmcloud.com/vulnerabilities/43607