SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter.

SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.