SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote malicious users to execute arbitrary SQL commands via the img parameter.
invisionpower ibphotohost 1.1.2