SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
http://www.vupen.com/english/advisories/2006/5085
http://www.securityfocus.com/bid/21676
http://www.securityfocus.com/archive/1/454857/100/0/threaded