SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/30209
http://www.securityfocus.com/archive/1/451304/100/0/threaded