SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
oneorzero oneorzero 1.6.4.1