SQL injection vulnerability in show.php in Cyphor 0.19 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
cynox cyphor