SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.