Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpfreenews phpfreenews |