[原文]SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.
phpWebSite contains a flaw that will allow an attacker to inject arbitrary SQL
code. The problem is that the "ANN_id" variable in the "notes" module is
not verified properly and will allow an attacker to inject or manipulate SQL
Currently, there are no known upgrades, patches, or workarounds available to
correct this issue.