SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter.
https://www.exploit-db.com/exploits/5598
https://exchange.xforce.ibmcloud.com/vulnerabilities/42355