SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.
https://www.exploit-db.com/exploits/6044
https://exchange.xforce.ibmcloud.com/vulnerabilities/43729