Navis WebAccess Express version suffers from a remote SQL injection vulnerability.