JNews, 8.5.1 and all previous,
SQL Injection
Resolution: update to 8.7.1
Update notice url: http://www.joobi.co/blog/jnews-8-7-released.html
Note that due to discrepancy in developerβs code between package and repository, some versions of previous security release 8.6.1 are still vulnerable. Therefore users should make sure they update to 8.7.1 to avoid confusion