CVE-2005-2156

SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the prevnext parameter.

Date published : 2005-07-06

http://www.securityfocus.com/bid/14133

http://sourceforge.net/project/shownotes.php?group_id=66322&release_id=339317