SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.
https://www.exploit-db.com/exploits/5678
https://exchange.xforce.ibmcloud.com/vulnerabilities/42646