SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.
https://www.exploit-db.com/exploits/8533
http://www.securityfocus.com/archive/1/502933/100/0/threaded