Vulnerabilities > SH News > SH News > 3.0

DATE	CVE	VULNERABILITY TITLE	RISK
2007-12-17	CVE-2007-6391	SQL Injection vulnerability in Sh-News 3.0 SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. network low complexity sh-news CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.