SQL injection vulnerability in snow snow v.2.0.0 allows a remote malicious user to execute arbitrary code via the dataScope parameter of the system/role/list interface.