SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.Referenceshttp://osvdb.org/49540http://secunia.com/advisories/32532https://www.exploit-db.com/exploits/6914https://exchange.xforce.ibmcloud.com/vulnerabilities/46278
