CVE-2009-2389
CVE-2009-2389 affects USOLVED NEWSolved 1.1.6: the vulnerability is in newsscript.php when magic_quotes_gpc is disabled. An attacker can trigger SQL injection via the archive action using one of three parameters (jahr, idneu, or newsid), enabling remote execution of arbitrary SQL commands. The ex...