SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.
https://www.exploit-db.com/exploits/8252
https://exchange.xforce.ibmcloud.com/vulnerabilities/49335