SQL Injection vulnerability in Likeshop prior to 2.5.7 allows malicious users to run abitrary SQL commands via the function DistributionMemberLogic::getFansLists.