Subrion CMS prior to 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.
intelliants subrion cms