CVE-2005-2383 Information

Description

SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the user parameter in an HTTP POST request.

Reference

http://marc.info/?l=bugtraq&m=112189453304389&w=2 http://newsphp.sourceforge.net/changelog/changelog_1.30.txt http://secunia.com/advisories/16148 http://www.securityfocus.com/bid/14333