Because of this vulnerability in wp-postratings.php, the authenticated users can execute arbitrary SQL commands via the id attribute of the rating shortcode when creating a post.
Solution
Update the plugin to the latest available version (at least 1.62).