SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link.
https://exchange.xforce.ibmcloud.com/vulnerabilities/71884
http://www.securityfocus.com/bid/51113
http://www.mnogosearch.org/doc33/msearch-changelog.html#changelog-3-3-12