SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.

SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.