SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter.