Alexandria Book Library by Federica Ugolotti, versions 3.1.3 and previous, SQL Injection
note that security release 3.1.3 does not fully fix the issue
resolution: update to 3.1.4
update notice: alexandriabooklibrary.org/en/downloads/18-components.html
.