SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
dcfm blog dcfm blog 0.9.4