Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic and (3) page parameter in index.php; (4) id parameter in postcard.php; and (5) cat parameter in print.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26066
http://www.vupen.com/english/advisories/2006/1525
http://www.securityfocus.com/archive/1/431982/100/0/threaded