SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/98393
http://www.securityfocus.com/bid/70833
http://www.securityfocus.com/archive/1/533847/100/0/threaded
http://packetstormsecurity.com/files/128909/Nuevolabs-Nuevoplayer-For-Clipshare-SQL-Injection.html