SQL injection through the x parameter in plus/ajax street.php in 74cms 3.2.0.
In order to patch this vulnerability, please install the official patch the vendor made available for supported, vulnerable instances.