SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.