SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.