E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).

References
https://k33r0k.wordpress.com/2017/10/12/e-sic-sql-injection/
https://www.exploit-db.com/exploits/42979/