The userid parameter in the users.php file is vulnerable to SQL Injection.
A user must be signed in to exploit this.
02/22/12 - Vendor Notified 02/24/12 - No response, disclosure
http://localhost/phpgiftreg/users.php?action=edit&userid=[SQLi]