CVE-2017-15992 (v3: 9.8)
31 Oct 2017
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.