CVE-2005-2637 Information

Description

Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php or (3) the password to AccessControl.php.

Reference

http://marc.info/?l=bugtraq&m=112439254700016&w=2 http://secunia.com/advisories/16490/ http://securitytracker.com/id?1014726 http://www.securityfocus.com/bid/14589