Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter.Referenceshttps://github.com/Paroxyste/Simply-Blog/issues/1
