SePortal version 2.5 suffers from a remote SQL injection vulnerability in the sp_id variable of staticpages.php. This version has already had known SQL injection vulnerabilities noted in 2011.
8f4257a80f761be925bfdf6c5c86b1aa0a890871ff237d0be07eb7a35351f1e2