Blog System v1.2 (http://www.netartmedia.net/blogsystem/) is vulnerable to 2 SQL injection vulnerabilities for failure to correctly sanitize SQL parameters. http://[HOST]/index.php?mode=home&cat=-99[SQL CODE] http://[HOST]/blog.php?user=[USER]¬e=-99[SQL CODE]