SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote malicious users to execute arbitrary SQL commands via the catcode parameter.
alan ward a-faq 1.0