SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.