CVE-2005-3853 Information

Description

SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php.

Reference

http://pridels0.blogspot.com/2005/11/snews-13-sql-injection.html http://secunia.com/advisories/17688 http://www.osvdb.org/21093 http://www.vupen.com/english/advisories/2005/2585