SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter.

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb.