SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Successful exploitation requires that "magic_quotes_gpc" is disabled.