SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/23309
http://www.vupen.com/english/advisories/2005/2641
http://www.securityfocus.com/bid/15635
http://secunia.com/advisories/17806
http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html