Update: Versions 2.2.x are also affected to the SQL Injection issue. A patch is available from http://forums.invisionpower.com/index.php?showtopic=276512. They just corrected the SQL Injection vulnerability. All versions are still affected to the other issues.