SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: a later disclosure reported the affected version as 1.0.
pridels0.blogspot.com/2005/11/top-auction-multiple-sql-vuln.html
secunia.com/advisories/17687
www.osvdb.org/21105
www.osvdb.org/21106
www.securityfocus.com/archive/1/466565/100/200/threaded
www.securityfocus.com/archive/1/466569/100/200/threaded
www.securityfocus.com/bid/15547
www.vupen.com/english/advisories/2005/2552
www.exploit-db.com/exploits/3456