SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.
https://www.exploit-db.com/exploits/3456
http://www.vupen.com/english/advisories/2005/2552
http://www.securityfocus.com/bid/15547
http://www.securityfocus.com/archive/1/466569/100/200/threaded
http://www.securityfocus.com/archive/1/466565/100/200/threaded
http://secunia.com/advisories/17687
http://pridels0.blogspot.com/2005/11/top-auction-multiple-sql-vuln.html