CVE-2018-18822

Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.