SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.