SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
https://www.exploit-db.com/exploits/6310
https://exchange.xforce.ibmcloud.com/vulnerabilities/44698
http://www.securityfocus.com/bid/30839