Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.
https://www.exploit-db.com/exploits/6678
https://exchange.xforce.ibmcloud.com/vulnerabilities/45671