PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote malicious users to execute arbitrary PHP code via a URL in the id parameter.
source: wwwsecurityfocuscom/bid/42974/info
SZNews is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input
An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process This may allow the ...