The GET parameter «id» in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
