CVE-2006-1576
QLnews 1.2 contains a direct static code injection vulnerability that lets remote authenticated administrators execute arbitrary PHP code by modifying config.php. Root cause is injection via config.php; impact across confidentiality, integrity, and availability is implied in CVSS 2.0. No patch is...