During last few weeks in the middle of time I was doing also some source code review.
That's how I found sqli bug in admin panel in e107 CMS. After a fast response from e107 Team,
fix was created.
This bug was found in e107_2.0_full_beta1 version. I don't know if other versions are also vulnerable.
Details about the vulnerability (even when it's in admin panel) will not be published for now.
Stay in touch. ;)