CVE-2009-3502
SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter.
Date published : 2009-09-30
http://packetstormsecurity.org/0909-exploits/bpmusic-sql.txt