SQL Injection in Magento Core