This instance was not actually exploitable for SQL injection as it is not callable directly via RPC and guarded by other queries when indirectly called. Still plain awful.