Stefan Horst discovered a vulnerability in the Drupal database
abstraction API, which may result in SQL injection.