SAP vulnerability, reported in 2010, finally patched
in SearchSecurity by Peter Loshin