Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter to blog.php.