In Tiki prior to 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
tiki tikiwiki cms\\/groupware