SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).