JNews, 8.5.1 and all previous,
SQL Injection
Resolution: update to 8.7.1
Update notice url: http://www.joobi.co/blog/jnews-8-7-released.html
Note that due to discrepancy in developer's code between package and repository, some versions of previous security release 8.6.1 are still vulnerable. Therefore users should make sure they update to 8.7.1 to avoid confusion
Please contact the developer for more information