Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/30422
http://www.securityfocus.com/archive/1/452116/100/0/threaded