CVE-2005-4527 Information

Description

Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters.

Reference

http://pridels0.blogspot.com/2005/12/direct-news-sql-inj.html http://www.osvdb.org/21854 http://www.osvdb.org/22340 http://www.securityfocus.com/bid/15957/ https://exchange.xforce.ibmcloud.com/vulnerabilities/23727