Roothub v2.6 exists to contain a SQL injection vulnerability via the topic parameter in the list() function.