SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote malicious users to execute arbitrary SQL commands via the lng parameter.
freeguppy guppy 4.5.18