SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie.
https://exchange.xforce.ibmcloud.com/vulnerabilities/79442
http://jcore.net/news/jcore-ver-10pre2-available-for-testing