SQL injection vulnerability in onethink v.1.1 allows a remote malicious user to escalate privileges via a crafted script to the ModelModel.class.php component.