SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote malicious users to execute arbitrary SQL via the mysql_prefix parameter.
php arena panews 2.0.4b