SQL injection vulnerability in read.php in Flashlight Free Edition allows remote malicious users to execute arbitrary SQL commands via the id parameter.
ringsworld flashlight free edition