CVE-2005-3956
DMANews 0.904 and 0.910 are affected by multiple SQL injection vulnerabilities in index.php. The flaws allow remote attackers to inject arbitrary SQL commands through (1) the id parameter in a comments action and (2) the sortorder and (3) display_num parameters in a news_list action. The provided...