SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/46973http://www.securityfocus.com/bid/32561https://www.exploit-db.com/exploits/7317http://osvdb.org/50373http://secunia.com/advisories/32870
