The Alfresco application prior to 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.
alfresco alfresco