admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action.
https://exchange.xforce.ibmcloud.com/vulnerabilities/74292
http://www.securityfocus.com/bid/52686
http://secunia.com/advisories/48524
http://archives.neohapsis.com/archives/bugtraq/2012-03/0115.html