SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter.