SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.Referenceshttp://www.securityfocus.com/archive/1/424958/100/0/threadedhttp://securityreason.com/securityalert/431http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0297.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/24675http://www.securityfocus.com/bid/16647
