http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-060

SilverNews2.0.3存在SQL注入漏洞。这使得远程攻击者可以借助如Admin控制面板的登陆页面上的用户字段执行任意的SQL命令。

来源:SECUNIA
名称:16315
链接:http://secunia.com/advisories/16315
来源:BID
名称:14466
链接:http://www.securityfocus.com/bid/14466
来源:MISC
链接:http://www.rgod.altervista.org/silvernews.html
来源:XF
名称:silvernews-username-sql-injection(21688)
链接:http://xforce.iss.net/xforce/xfdb/21688
来源:OSVDB
名称:18517
链接:http://www.osvdb.org/18517
来源:SECTRACK
名称:1014622
链接:http://securitytracker.com/id?1014622
来源:BUGTRAQ
名称:20050803Silvernews2.0.3(possiblypreviousversions)SQLInjection/LoginBypass/Remotecommandsexecution/crosssitescripting
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112309780321088&w;=2