SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote malicious users to execute arbitrary SQL commands via the CatDisplay parameter.
fusebox fusebox 5.5.1