SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/62810
http://www.securityfocus.com/archive/1/514479/100/100/threaded