SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/25898
http://pridels0.blogspot.com/2006/04/article-publisher-pro-sql-inj.html