SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote malicious users to execute arbitrary SQL commands via the shownews parameter.
powie psys 0.7.0