SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter.
https://www.exploit-db.com/exploits/7407
https://exchange.xforce.ibmcloud.com/vulnerabilities/47210
http://www.securityfocus.com/bid/32756
http://securityreason.com/securityalert/4747