Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php.
https://www.exploit-db.com/exploits/5699
https://exchange.xforce.ibmcloud.com/vulnerabilities/42770