SQL injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
blog project blog