SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote malicious users to execute arbitrary SQL commands via the displayid parameter.
springsignage xibo 1.4.2