Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/23430
http://www.vupen.com/english/advisories/2005/2767
http://www.securityfocus.com/archive/1/418640/100/0/threaded
http://securityreason.com/securityalert/230
http://secunia.com/advisories/17893/
http://pridels0.blogspot.com/2005/12/blog-system-v12-sql-inj-vuln.html