The Everything Development System SQL Injection

newsbot
03-02-2008, 02:36 PM
There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to modify a SELECT query, leading to information disclosure, XSS, or privilege escalation. What's more, passwords are stored in the database as plaintext, making user accounts very easily compromised.

http://www.securiteam.com/unixfocus/5SP020UNFA.html