Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/56725
http://www.securityfocus.com/archive/1/509890/100/0/threaded