SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.Referenceshttp://www.securityfocus.com/bid/67000http://seclists.org/fulldisclosure/2014/Apr/249
