phpnews.txt
SQL Injection vulnerability in PHPNews 11/25/2004 Description: A vulnerability has been reported in PHPNews, which can be exploited by malicious people to conduct SQL injection attacks Input passed to the "mid" parameter in "sendtofriendphp" is not properly sanitised before being used in a SQL...