SQL injection vulnerability in index.php in NooTopList 1.0.0 release 17 allows remote attackers to execute arbitrary SQL commands via the (1) o or (2) sort parameters.
CVSS Metrics
