CVE-2006-1237
Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php.
Date published : 2006-03-15
http://www.securityfocus.com/bid/17111
http://www.securityfocus.com/archive/1/428664/100/0/threaded