SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.
https://www.exploit-db.com/exploits/5447
https://www.exploit-db.com/exploits/5414
https://exchange.xforce.ibmcloud.com/vulnerabilities/46254
http://www.securityfocus.com/archive/1/490886/100/0/threaded