CVE-2005-2637
PHPFreeNews 1.40 and earlier contains multiple SQL injection vulnerabilities. Remote attackers can manipulate SQL via (1) Match or (2) CatID parameters to SearchResults.php, or (3) the password to AccessControl.php. Affected product/version: PHPFreeNews 1.40 and earlier. Root cause: unsafely hand...