SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
flexible poll project flexible poll 1.2