SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.