SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote malicious users to execute arbitrary SQL commands via the to parameter.
jportal jportal web portal 2