A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide prior to 3.1.3 allows remote malicious users to execute arbitrary SQL commands via the level2 parameter.