CVE-2005-2156 Information

Description

SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the prevnext parameter.

Reference

http://sourceforge.net/project/shownotes.php?group_id=66322&release_id=339317 http://www.securityfocus.com/bid/14133