RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.
rainbowfishsoftware pacsone server 6.8.4