CVE-2006-1543

Name of the Vulnerable Software and Affected Versions: VNews version 1.2

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the loginvar parameter in admin/admin.php, and the news and nom parameters in news.php.

Recommendations: For VNews version 1.2, consider restricting access to the admin/admin.php and news.php scripts until a fix is available. As a temporary workaround, avoid using the loginvar, news, and nom parameters in the affected API endpoints.