SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote malicious users to execute arbitrary SQL commands via the categorynbr parameter.
cfmsource cfmblog -