PHP Labs' Top Auction has a SQL injection vulnerability. A remote attacker could execute arbitrary SQL commands against the back-end database by sending a specially crafted HTTP request to the "viewcat.php" script that injects SQL statements into the "category" or "type" parameter.
PHP Labs Top Auction
PHP Labs Survey Wizard
Currently we are not aware of any officially supplied fix for this issue.
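Without a vendor fix, one interim measure is to watch web server logs for requests to "viewcat.php" whose "category" or "type" values look abnormal. The following is an added example, not part of the original advisory or of PHP Labs' code. It assumes a combined-format access log and that legitimate values for both parameters are short alphanumeric tokens; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate "category"/"type" values are short alphanumeric tokens.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,32}")
WATCHED_PARAMS = ("category", "type")
# Request field of a combined-format access log line, e.g. "GET /x?y=z HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_params(log_line):
    """Return watched viewcat.php parameters whose values fall outside the allow-list."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/viewcat.php"):
        return []
    flagged = []
    # parse_qs percent-decodes keys and values, so encoded input is checked decoded.
    for key, values in parse_qs(url.query, keep_blank_values=True).items():
        name = key.split("[", 1)[0]  # PHP treats "type[]=x" as the "type" parameter
        if name in WATCHED_PARAMS and name not in flagged:
            if any(not SAFE_VALUE.fullmatch(v) for v in values):
                flagged.append(name)
    return flagged

def scan(lines):
    """Return (1-based line number, flagged parameters) for each suspicious line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        flagged = suspicious_params(line)
        if flagged:
            hits.append((number, flagged))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /viewcat.php?category=12&type=1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /viewcat.php?category=12%27&type=1 HTTP/1.1" 200 311',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /viewcat.php?category=3&type%5B%5D=1+OR+1%3D1 HTTP/1.1" 200 298',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?category=12%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected value in {', '.join(flagged)}")
```

Only query-string parameters appear in access logs, so values sent in a POST body are not covered by this check.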