Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2504)