College Website CMS had an SQL injection into the department id parameter. discovered by Ayed Alqahtani (lus33r)