CVE-2006-1534
Null news suffers SQL Injection vulnerabilities (CVE-2006-1534). The affected scripts are lostpass.php (parameter: user_email) and sub.php/unsub.php (parameters: user_email and user_username). The root cause is improper sanitization of these inputs, allowing remote attackers to execute arbitrary ...