Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.Referenceshttp://www.securityfocus.com/bid/26984https://www.exploit-db.com/exploits/4770http://osvdb.org/40369http://osvdb.org/40368
