LisoMail, by ArmorX, allows SQL Injections, attackers can access the database without authentication via a URL parameter manipulation.
armorx lisomail