OcoMon v4.0 exists to contain a SQL injection vulnerability via the cod parameter at download.php.
ocomon project ocomon 4.0