SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote malicious users to execute arbitrary SQL commands via the catid parameter.
scriptdemo php-lance 1.52