cpe:/a:comdev:comdev_news_publisher:4.1.2 CVE-2008-1872 2008-04-17T15:05:00.000-04:00 2017-09-28T21:30:54.397-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-04-18T12:15:00.000-04:00 ALLOWS_OTHER_ACCESS BID 28622 SECUNIA 29697 EXPLOIT-DB 5362 XF newspublisher-index-sql-injection(41663) SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.