Secunia Security Advisory - rgod has reported a vulnerability in the WF-Downloads module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the list parameter in viewcat.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that magic_quotes_gpc is disabled. The vulnerability has been reported in version 2.05. Other versions may also be affected.
f2e0d9b82eebb522e0559aa40f0b7ec7813d14b8f6af2e5366a94a7b97ffbfb1