SQL injection vulnerability in mailer.php in JPortal 2 allows remote malicious users to execute arbitrary SQL commands via the to parameter.
jportal jportal web portal 2