There is no known sql injection hole in powerCMS. I would be very interested in investigating this with you to make sure that there isn't a problem.
I tried to open up a support incident to investigate further with you over the phone to see if there is a problem with that version of powerCMS... however I don't have you on record as having a copy of the software, which is a requirement for opening support incidents.
Maybe email me offline ray@webassist.com and I can schedule a phone call to look into the problem with you directly.