CVE-2001-0234

NewsDaemon is affected prior to version 0.21b, where a malformed user_username parameter allows remote attackers to execute arbitrary SQL queries and gain administrative privileges on the web site. The issue enables remote access to administer NewsDaemon through the web interface. Remediation: up...