Exploit Title: Easy Fast Admin SQL Injection Vulnerability
Author: ANDREA BOCCHETTI
Security Risk: High - SQL Injection
Download Link or Vendor Home: http://www.easyfastadmin.org
Affected versions: All CMS versions
Credits: This vulnerability was discovered and researched by Andrea Bocchetti
Impact: An attacker can execute SQL statements.
Vendor Status: Vendor was contacted
Timeline:
Vendor Notification - 04/10/2012
Vendor Response - nothing
Fix - no
Public Disclosure - 08/10/2012
Date: 08/10/2012
==================================
The id parameter is injectable.

# Exploit:
[SQL] articoli.php?id
[SQL] news.php?id

Demo: http://www.demo.com/news.php?id= sql
Demo: http://www.demo.com/articoli.php?id= sql
Demo: http://www.demo.com/xxx.php?id= sql
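
Since the timeline lists no fix, site operators can at least watch for requests that abuse the id parameter. The following is an added example, not part of the original advisory or the vendor's code: it scans access-log lines for requests to articoli.php and news.php whose id value is not a plain integer. The combined log format, the assumption that legitimate id values are numeric, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts named in the advisory; both take the injectable "id" parameter.
WATCHED_SCRIPTS = {"articoli.php", "news.php"}

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: legitimate id values are plain ASCII integers.
NUMERIC_ID = re.compile(r"[0-9]+")

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [08/Oct/2012:10:00:01 +0000] "GET /news.php?id=12 HTTP/1.1" 200 5120
192.0.2.11 - - [08/Oct/2012:10:00:02 +0000] "GET /news.php?id=12%27 HTTP/1.1" 500 310
192.0.2.12 - - [08/Oct/2012:10:00:03 +0000] "GET /cms/articoli.php?id=7%20x HTTP/1.1" 200 5001
192.0.2.13 - - [08/Oct/2012:10:00:04 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900
192.0.2.14 - - [08/Oct/2012:10:00:05 +0000] "GET /articoli.php?id=3&id=x HTTP/1.1" 200 4800
"""


def suspicious_ids(target):
    """Return the URL-decoded id values in a request target that are not integers."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in WATCHED_SCRIPTS:
        return []
    # parse_qs decodes %XX and '+', and keeps every repeated id parameter.
    values = parse_qs(parts.query).get("id", [])
    return [v for v in values if not NUMERIC_ID.fullmatch(v)]


def scan(log_text):
    """Return (client_ip, request_target, bad_values) for each flagged line."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_ids(match.group(1))
        if bad:
            findings.append((line.split(" ", 1)[0], match.group(1), bad))
    return findings


if __name__ == "__main__":
    for ip, target, bad in scan(SAMPLE_LOG):
        print(f"{ip} {target} non-numeric id: {bad!r}")
```

The same digits-only rule can be enforced in front of the application (for example in a reverse proxy or WAF rule) until the scripts themselves use parameterized queries.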