Multiple SQL injection vulnerabilities in Möbius for Mimsy XG 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in browse.php and (2) the s parameter in detail.php.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3427)