A PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter.
Web-News version 1.6.3 and prior.
Execute arbitrary PHP code.
Currently we are not aware of any vendor-supplied patches for this issue.
SourceForge Website, Web-News at http://sourceforge.net/projects/web-news/.