SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote malicious users to execute arbitrary SQL commands via the cat parameter.
anserv auction xl