SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote malicious users to execute arbitrary SQL commands via the cid parameter.
xoops library module