Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters.Referenceshttp://www.securityfocus.com/bid/15957/https://exchange.xforce.ibmcloud.com/vulnerabilities/23727http://www.osvdb.org/21854http://pridels0.blogspot.com/2005/12/direct-news-sql-inj.htmlhttp://www.osvdb.org/22340
