[HIGH] SQL Injection in extension "News system" (news)

PKSA-grgc-xpj3-tvw1 CVE-2026-8726 GHSA-g868-j3qm-4j28

Affected package: georgringer/news

Affected version: <10.0.4|>=11.0.0,<11.4.4|>=12.0.0,<12.3.2|>=13.0.0,<13.0.2|>=14.0.0,<14.0.3

Reported by:
FriendsOfPHP/security-advisories, GitHub