Roothub v2.6 exists to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function..