SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote malicious users to inject arbitrary SQL command via the sqlcmd parameter.
sangwan kim bookmark4u