SQL injection vulnerability in messages.php in I-Rater Basic allows remote malicious users to execute arbitrary SQL commands via the idp parameter.
i-rater i-rater basic _nil_