Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.