LimeSurvey prior to 4.0.0-RC4 allows SQL injection via the participant model.
limesurvey limesurvey
limesurvey limesurvey 4.0.0