Uninitialized PHP variables and ability to modify SQL query allow to execute code on server. Crossite scripting. Invalid NULL-byte handling leads to DoS.
vulners.com/securityvulns/securityvulns:doc:1912
vulners.com/securityvulns/securityvulns:doc:1914
vulners.com/securityvulns/securityvulns:doc:2078
vulners.com/securityvulns/securityvulns:doc:2652
vulners.com/securityvulns/securityvulns:doc:2687
vulners.com/securityvulns/securityvulns:doc:2726
vulners.com/securityvulns/securityvulns:doc:2990