SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote malicious users to execute arbitrary SQL commands via the cid parameter.
xoops repository module