CVE-2017-17620
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
Date published : 2017-12-13
https://www.exploit-db.com/exploits/43289/
https://packetstormsecurity.com/files/145332/Lawyer-Search-Script-1.1-SQL-Injection.html