Tony Baird · Tony Baird Fantastic News · CVE-2006-0972
**Name of the Vulnerable Software and Affected Versions**
Tony Baird Fantastic News version 2.1.1
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `page` parameter in the news.php file.
**Recommendations**
For version 2.1.1, update the news.php file to properly sanitize the `page` parameter to prevent SQL injection attacks.