SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote malicious users to execute arbitrary SQL commands via the newsid parameter.
powie pnews 2.03