SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote malicious users to execute arbitrary SQL commands via the newsid parameter.
china-on-site flexphpnews