Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.
Multiple SQL injection
Exploit
CVE-2014-3719
NVD
Refer to CVE-2014-3719 NVD advisory