SQL injection vulnerability in the gethistorylastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the sendhistorylastid function in zabbixserver/trapper/nodehistory.c.