Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components.
https://exchange.xforce.ibmcloud.com/vulnerabilities/73105
http://www.vulnerability-lab.com/get_content.php?id=402