phpmanufaktur kitform < 0.43 - SQL Injection via sorter_value Parameter
SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.