SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.