"The Everything Development Engine" vulnerable to SQL injection


There is a vulnerability in The Everything Development Engine that allows a user to inject their own SQL into a SELECT query, leading to information disclosure, XSS, or privilege escalation. What's more, passwords are stored in the database in plaintext, so user accounts are very easily compromised.

In some versions of the software I have encountered, the following proof of concept will display a corresponding username and password in the "core" field and "reputation" field on the page, respectively.

Proof of Concept (the URL has been wrapped for readability):

http://path.to/cms/index.pl?node_id=0/**/UNION/**/SELECT
/**/null,101,null,1,null,null,passwd,null,null,nick,null
/**/FROM/**/user/**/WHERE/**/nick/**/!%3d/**/''/**/%23

In other, probably more recent versions, a 13-column query is required for the UNION.

The ideal fix would be to ensure that the node_id request variable is of the appropriate data type (a signed integer) before it is used in a SQL query.
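A fix of the kind described above, written here as an added example and not taken from the Everything Development Engine's own code; the $dbh handle, the "node" table and its "node_id" column, and the helper names are assumptions.

```perl
#!/usr/bin/perl
# Added example: validate node_id as a signed integer, then bind it as a
# placeholder so the request value can never become part of the SQL text.
use strict;
use warnings;
use DBI;

# Returns the integer value of $raw if it is a well-formed signed 32-bit
# integer, or undef otherwise. A value such as "0/**/UNION/**/SELECT ..."
# fails the regex and is rejected before any query is built.
sub parse_node_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    return undef unless $raw =~ /\A-?[0-9]{1,10}\z/;
    my $id = $raw + 0;
    return undef if $id < -2147483648 || $id > 2147483647;
    return $id;
}

# $dbh is an assumed DBI handle; "node" and "node_id" are assumed names.
# The unsafe pattern this replaces is interpolating the request value
# directly into the query string, e.g. "... WHERE node_id = $raw".
sub fetch_node {
    my ($dbh, $raw) = @_;
    my $id = parse_node_id($raw);
    die "invalid node_id\n" unless defined $id;
    my $sth = $dbh->prepare('SELECT * FROM node WHERE node_id = ?');
    $sth->execute($id);                  # bound value, never concatenated
    return $sth->fetchrow_hashref;
}

# Self-check of the validator against constructed inputs (no database needed).
my %cases = (
    '42'                   => 42,
    '-7'                   => -7,
    '0/**/UNION/**/SELECT' => undef,   # the injection shape from the advisory
    '101 OR 1=1'           => undef,
    '99999999999'          => undef,   # too many digits for a signed 32-bit int
);
for my $input (sort keys %cases) {
    my $got = parse_node_id($input);
    my $ok  = (defined $got) == (defined $cases{$input})
              && (!defined $got || $got == $cases{$input});
    printf "%-24s %s\n", "'$input'", $ok ? 'ok' : 'FAIL';
}
```

Running the script prints "ok" for each constructed input; only the two plain integers reach fetch_node, and even those are passed to the database as a bound parameter rather than as query text.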