SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.
http://www.exploit-db.com/exploits/29326
http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes