cpe:/a:sun-jester:opennews:1.0 CVE-2009-2735 2009-08-11T06:30:00.627-04:00 2017-09-18T21:29:17.983-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-08-11T09:38:00.000-04:00 SECUNIA 36154 OSVDB 56812 EXPLOIT-DB 9371 VUPEN ADV-2009-2168 XF opennews-admin-sql-injection(52289) SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.