SQL injection vulnerability in casting_view.php in Modelbook allows remote malicious users to execute arbitrary SQL commands via the adnum parameter.
rocky.nu modelbook