SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/32470
http://www.securityfocus.com/archive/1/459979/100/0/threaded