SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote malicious users to execute arbitrary SQL commands via the cid parameter.
xoops tutoriais module