SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter.

SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter.

Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.