Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.