SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/57869
http://secunia.com/advisories/39452
http://packetstormsecurity.org/1004-exploits/almnrzm-sql.txt