SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26858
http://www.securityfocus.com/archive/1/435287/100/0/threaded