CVE-2007-2994

Name of the Vulnerable Software and Affected Versions: DGNews version 2.1

Description: A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the newsid parameter in a "fullnews" action.

Recommendations: For DGNews version 2.1, consider restricting access to the newsid parameter in the "fullnews" action to minimize the risk of exploitation. As a temporary workaround, avoid using the newsid parameter in the affected news.php file until a patch is available.