SQL injection vulnerability in main/main.php in QuestCMS allows remote malicious users to execute arbitrary SQL commands via the obj parameter.
questwork questcms