A security researcher from Egypt has found vulnerabilities in Flickr Photo Books, a new feature for printing custom photo books through Flickr that was launched 5 months ago. Ibrahim was able to write new files on the server, which let him upload a custom ‘code execution shell’. He claimed to have found two parameters (page_id, items) vulnerable to Blind SQL Injection and one (order_id) vulnerable to Direct SQL Injection that allowed him to query the Flickr database for its content by injecting SQL SELECT statements. Successful exploitation could allow an attacker to steal the database and the MySQL administrator password.
Source: https://thehackernews.com/2014/04/flickr-vulnerable-to-sql-injection-and.html