SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.

Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in users/comments.php, (2) category_id and (3) id parameters in users/kb.php.