SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03
http://www.zerodayinitiative.com/advisories/ZDI-16-240
http://www.zerodayinitiative.com/advisories/ZDI-16-239
http://www.zerodayinitiative.com/advisories/ZDI-16-238