SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote malicious users to execute arbitrary SQL commands via the article parameter.
bosdev bosnews 4