The suite of payment infrastructure and management systems SmartVista created by the BPC Group is vulnerable to SQL Injection attacks.