eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.