SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote malicious users to execute arbitrary SQL commands via the itemid parameter.
curtiss grymala cag cms 0.2