SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.