SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.Referenceshttp://www.securityfocus.com/bid/31118http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt
