CVE-2007-2994
DGNews 2.1 contains a SQL injection vulnerability in news.php. Specifically, the vulnerability is exploitable via the newsid parameter in the fullnews action, allowing remote arbitrary SQL execution. This CVE is CVE-2007-2994; related CVE-2007-0693 covers a different vector (catid parameter in ne...