SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.Referenceshttps://www.exploit-db.com/exploits/7851http://www.securityfocus.com/bid/33404https://exchange.xforce.ibmcloud.com/vulnerabilities/48175
