SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/75399
http://www.securityfocus.com/bid/51927