SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
https://www.exploit-db.com/exploits/5340
https://www.exploit-db.com/exploits/5244
https://exchange.xforce.ibmcloud.com/vulnerabilities/41188
http://www.securityfocus.com/bid/28229
http://secunia.com/advisories/29362
http://secunia.com/advisories/29359
http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt