SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.