SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/75513
http://www.exploit-db.com/exploits/18858