SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote malicious users to execute arbitrary SQL commands via the list parameter.
xoops wf-downloads 2.05