CVE-2009-2921 Information

Description

Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).

Reference

http://www.exploit-db.com/exploits/9353 http://www.vupen.com/english/advisories/2009/2161 https://exchange.xforce.ibmcloud.com/vulnerabilities/52231