SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
http://securityreason.com/securityalert/8457
http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txt