Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
https://exchange.xforce.ibmcloud.com/vulnerabilities/100668
http://www.securityfocus.com/archive/1/534616/100/0/threaded