SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/64727
http://www.securityfocus.com/bid/45826