Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter.