SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
pbootcms pbootcms 1.2.1