Hey I don't know if any of you guys checked your admincp fully you will see vars inside an query not covered with sqlesc() you might do so by going to your /var/www/html/ grab admincp.php now search for your sql_query and update the vars to be protect with sqlesc() also I know it is not like tbdev so sql query is different and you will need to check tbdev to get sqlesc() it was a quick scan if you know more then please share with me here