SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
xia zuojie nexusphp 1.5