SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.
http://www.vupen.com/english/advisories/2005/2750
http://www.securityfocus.com/bid/15746
http://secunia.com/advisories/17911
http://pridels0.blogspot.com/2005/12/pluggedout-blog-sql-vuln.html