music collection, 3.0.3 ,SQL Injection
Developer statement: currently at version 3.0.6, this was already fixed in 3.0.4