SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.