CVE-2007-2554
Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript.
Date published : 2007-05-09
http://www.securityfocus.com/archive/1/467962/100/0/threaded