CVE-2008-2510
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter.
Date published : 2008-05-29
http://www.securityfocus.com/bid/29352
http://www.securityfocus.com/archive/1/492555/100/0/threaded