Website Broker Script allows SQL injection via the 'status_id' parameter to status_list.php.
Affected: vendor "website broker script project", product "website broker script", version "-"