This indicates a possible attempt to exploit a SQL injection vulnerability in CodeAvalanche News.
The vulnerability is due to an input validation error in the "inc_listnews.asp" script. The script does not validate the "CAT_ID" parameter before using it in SQL statements. This can be exploited to conduct SQL injection attacks.
CodeAvalanche News 1.x
System compromise: execution of arbitrary SQL commands on the system.
Currently we are not aware of any vendor supplied patches for this issue.